CVE-2022-3752

Summary

An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationCompactLogix 548032.011 and lateraffected
Rockwell AutomationControlLogix 558031.011 and lateraffected
Rockwell AutomationGuardLogix 558031.011 and lateraffected
Rockwell AutomationCompact GuardLogix 538031.011 and lateraffected
Rockwell AutomationCompactLogix 538031.011 and lateraffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References