Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-1161

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.

Published

2022-04-11T20:15:18.017

Last Modified

2024-11-21T06:40:09.667

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 10.0 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-829
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System rockwellautomation compactlogix_1768-l43_firmware * Yes
Hardware rockwellautomation compactlogix_1768-l43 - No
Operating System rockwellautomation compactlogix_1768-l45_firmware * Yes
Hardware rockwellautomation compactlogix_1768-l45 - No
Operating System rockwellautomation compactlogix_1769-l31_firmware * Yes
Hardware rockwellautomation compactlogix_1769-l31 - No
Operating System rockwellautomation compactlogix_1769-l32c_firmware * Yes
Hardware rockwellautomation compactlogix_1769-l32c - No
Operating System rockwellautomation compactlogix_1769-l32e_firmware * Yes
Hardware rockwellautomation compactlogix_1769-l32e - No
Operating System rockwellautomation compactlogix_1769-l35cr_firmware * Yes
Hardware rockwellautomation compactlogix_1769-l35cr - No
Operating System rockwellautomation compactlogix_1769-l35e_firmware * Yes
Hardware rockwellautomation compactlogix_1769-l35e - No
Operating System rockwellautomation compactlogix_5370_l3_firmware * Yes
Hardware rockwellautomation compactlogix_5370_l3 - No
Operating System rockwellautomation compactlogix_5370_l2_firmware * Yes
Hardware rockwellautomation compactlogix_5370_l2 - No
Operating System rockwellautomation compactlogix_5370_l1_firmware * Yes
Hardware rockwellautomation compactlogix_5370_l1 - No
Operating System rockwellautomation compactlogix_5380_firmware * Yes
Hardware rockwellautomation compactlogix_5380 - No
Operating System rockwellautomation compactlogix_5480_firmware * Yes
Hardware rockwellautomation compactlogix_5480 - No
Operating System rockwellautomation compact_guardlogix_5370_firmware * Yes
Hardware rockwellautomation compact_guardlogix_5370 - No
Operating System rockwellautomation compact_guardlogix_5380_firmware * Yes
Hardware rockwellautomation compact_guardlogix_5380 - No
Operating System rockwellautomation controllogix_5550_firmware * Yes
Hardware rockwellautomation controllogix_5550 - No
Operating System rockwellautomation controllogix_5560_firmware * Yes
Hardware rockwellautomation controllogix_5560 - No
Operating System rockwellautomation controllogix_5570_firmware * Yes
Hardware rockwellautomation controllogix_5570 - No
Operating System rockwellautomation controllogix_5580_firmware * Yes
Hardware rockwellautomation controllogix_5580 - No
Operating System rockwellautomation guardlogix_5560_firmware * Yes
Hardware rockwellautomation guardlogix_5560 - No
Operating System rockwellautomation guardlogix_5570_firmware * Yes
Hardware rockwellautomation guardlogix_5570 - No
Operating System rockwellautomation guardlogix_5580_firmware * Yes
Hardware rockwellautomation guardlogix_5580 - No
Operating System rockwellautomation flexlogix_1794-l34_firmware * Yes
Hardware rockwellautomation flexlogix_1794-l34 - No
Operating System rockwellautomation drivelogix_5730_firmware * Yes
Hardware rockwellautomation drivelogix_5730 - No
Operating System rockwellautomation softlogix_5800_firmware * Yes
Hardware rockwellautomation softlogix_5800 - No
References