CVE-2022-1161
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rockwell Automation | 1768 CompactLogix controllers | All all | affected |
| Rockwell Automation | 1769 CompactLogix controllers | all | affected |
| Rockwell Automation | CompactLogix 5370 controllers | all | affected |
| Rockwell Automation | CompactLogix 5380 controllers | all | affected |
| Rockwell Automation | CompactLogix 5480 controllers | all | affected |
| Rockwell Automation | Compact GuardLogix 5370 controllers | all | affected |
| Rockwell Automation | Compact GuardLogix 5380 controllers | all | affected |
| Rockwell Automation | ControlLogix 5550 controllers | all | affected |
| Rockwell Automation | ControlLogix 5560 controllers | all | affected |
| Rockwell Automation | ControlLogix 5570 controllers | all | affected |
| Rockwell Automation | ControlLogix 5580 controllers | all | affected |
| Rockwell Automation | GuardLogix 5560 controllers | all | affected |
| Rockwell Automation | GuardLogix 5570 controllers | all | affected |
| Rockwell Automation | GuardLogix 5580 controllers | all | affected |
| Rockwell Automation | FlexLogix 1794-L34 controllers | all | affected |
| Rockwell Automation | DriveLogix 5730 controllers | all | affected |
| Rockwell Automation | SoftLogix 5800 controllers | all | affected |
Weaknesses
- CWE-829: CWE-829 Inclusion of Functionality from Untrusted Control Sphere
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.