CVE-2022-3157

Summary

A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationCompactLogix 537020 <= 33affected
Rockwell AutomationCompact GuardLogix28 <= 33affected
Rockwell AutomationControlLogix 557020 <= 33affected
Rockwell AutomationControlLogix 5570 Redundancy20 <= 33affected
Rockwell AutomationGuardLogix 557020 <= 33affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References