CVE-2022-1797

Summary

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationCompactLogix 5380 controllersunspecified <= 32.013affected
Rockwell AutomationCompact GuardLogix 5380 controllersunspecified <= 32.013affected
Rockwell AutomationCompactLogix 5480 controllersunspecified <= 32.013affected
Rockwell AutomationControlLogix 5580 controllersunspecified <= 32.013affected
Rockwell AutomationGuardLogix 5580 controllersunspecified <= 32.013affected
Rockwell AutomationCompactLogix 5370 controllersunspecified <= 33.013affected
Rockwell AutomationCompact GuardLogix 5370 controllersunspecified <= 33.013affected
Rockwell AutomationControlLogix 5570 controllersunspecified <= 33.013affected
Rockwell AutomationGuardLogix 5570 controllers33.013affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

Workarounds

If upgrading is not possible, Rockwell Automation recommends the following mitigations: Use of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with products from Rockwell Automation is available in Knowledgebase article QA17329. Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.

Please see Rockwell Automation’s security advisory PN1596 for more information. https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References