Vulnerabilities > CVE-2022-1161 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Rockwellautomation products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

rockwellautomation

CWE-829

critical

NVD

Published: 2022-04-11

Updated: 2022-04-18

Summary

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.

Vulnerable Configurations

Part	Description	Count
OS	Rockwellautomation Rockwellautomation Compactlogix 1768 L43 Firmware * Rockwellautomation Compactlogix 1768 L45 Firmware * Rockwellautomation Compactlogix 1769 L31 Firmware * Rockwellautomation Compactlogix 1769 L32C Firmware * Rockwellautomation Compactlogix 1769 L32E Firmware * Rockwellautomation Compactlogix 1769 L35Cr Firmware * Rockwellautomation Compactlogix 1769 L35E Firmware * Rockwellautomation Compactlogix 5370 L3 Firmware * Rockwellautomation Compactlogix 5370 L2 Firmware * Rockwellautomation Compactlogix 5370 L1 Firmware * Rockwellautomation Compactlogix 5380 Firmware * Rockwellautomation Compactlogix 5480 Firmware * Rockwellautomation Compact Guardlogix 5370 Firmware * Rockwellautomation Compact Guardlogix 5380 Firmware * Rockwellautomation Controllogix 5550 Firmware * Rockwellautomation Controllogix 5560 Firmware * Rockwellautomation Controllogix 5570 Firmware * Rockwellautomation Controllogix 5580 Firmware * Rockwellautomation Guardlogix 5560 Firmware * Rockwellautomation Guardlogix 5570 Firmware * Rockwellautomation Guardlogix 5580 Firmware * Rockwellautomation Flexlogix 1794 L34 Firmware * Rockwellautomation Drivelogix 5730 Firmware * Rockwellautomation Softlogix 5800 Firmware *	24
Hardware	Rockwellautomation Rockwellautomation Compactlogix 1768 L43 - Rockwellautomation Compactlogix 1768 L45 - Rockwellautomation Compactlogix 1769 L31 - Rockwellautomation Compactlogix 1769 L32C - Rockwellautomation Compactlogix 1769 L32E - Rockwellautomation Compactlogix 1769 L35Cr - Rockwellautomation Compactlogix 1769 L35E - Rockwellautomation Compactlogix 5370 L3 - Rockwellautomation Compactlogix 5370 L2 - Rockwellautomation Compactlogix 5370 L1 - Rockwellautomation Compactlogix 5380 - Rockwellautomation Compactlogix 5480 - Rockwellautomation Compact Guardlogix 5370 - Rockwellautomation Compact Guardlogix 5380 - Rockwellautomation Controllogix 5550 - Rockwellautomation Controllogix 5560 - Rockwellautomation Controllogix 5570 - Rockwellautomation Controllogix 5580 - Rockwellautomation Guardlogix 5560 - Rockwellautomation Guardlogix 5570 - Rockwellautomation Guardlogix 5580 - Rockwellautomation Flexlogix 1794 L34 - Rockwellautomation Drivelogix 5730 - Rockwellautomation Softlogix 5800 -	24

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05