Vulnerabilities > CVE-2022-3157 - Unspecified vulnerability in Rockwellautomation products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

rockwellautomation

NVD

Published: 2022-12-16

Updated: 2023-11-07

Summary

A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).

Vulnerable Configurations

Part	Description	Count
OS	Rockwellautomation Rockwellautomation Compactlogix 5370 Firmware * Rockwellautomation Compact Guardlogix 5370 Firmware 30.014 Rockwellautomation Compact Guardlogix 5380 Firmware 31.011 Rockwellautomation Compact Guardlogix 5380 Firmware 32.013 Rockwellautomation Controllogix 5570 Firmware * Rockwellautomation Controllogix 5570 Redundancy Firmware * Rockwellautomation Guardlogix 5570 Firmware *	7
Hardware	Rockwellautomation Rockwellautomation Compactlogix 5370 - Rockwellautomation Compact Guardlogix 5370 - Rockwellautomation Compact Guardlogix 5380 - Rockwellautomation Controllogix 5570 - Rockwellautomation Controllogix 5570 Redundancy - Rockwellautomation Guardlogix 5570 -	6

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757