Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3157

A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).

Published

2022-12-16T21:15:08.797

Last Modified

2024-11-21T07:18:56.780

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	rockwellautomation	compactlogix_5370_firmware	≤ 33	Yes
Hardware	rockwellautomation	compactlogix_5370	-	No
Operating System	rockwellautomation	compact_guardlogix_5370_firmware	≤ 33	Yes
Hardware	rockwellautomation	compact_guardlogix_5370	-	No
Operating System	rockwellautomation	compact_guardlogix_5380_firmware	≤ 33	Yes
Hardware	rockwellautomation	compact_guardlogix_5380	-	No
Operating System	rockwellautomation	controllogix_5570_firmware	≤ 33	Yes
Hardware	rockwellautomation	controllogix_5570	-	No
Operating System	rockwellautomation	controllogix_5570_redundancy_firmware	≤ 33	Yes
Hardware	rockwellautomation	controllogix_5570_redundancy	-	No
Operating System	rockwellautomation	guardlogix_5570_firmware	≤ 33	Yes
Hardware	rockwellautomation	guardlogix_5570	-	No

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757 Permissions Required, Vendor Advisory ([email protected])
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)