Vulnerabilities > CVE-2022-3752 - Unspecified vulnerability in Rockwellautomation products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

rockwellautomation

NVD

Published: 2022-12-19

Updated: 2023-11-07

Summary

An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.

Vulnerable Configurations

Part	Description	Count
OS	Rockwellautomation Rockwellautomation Compactlogix 5480 Firmware 32.011 Rockwellautomation Compactlogix 5480 Firmware 32.013 Rockwellautomation Compactlogix 5480 Firmware 33.011 Rockwellautomation Compactlogix 5580 Firmware 31.011 Rockwellautomation Guardlogix 5580 Firmware 32.011 Rockwellautomation Guardlogix 5580 Firmware 32.013 Rockwellautomation Guardlogix 5580 Firmware 33.011 Rockwellautomation Compact Guardlogix 5380 Firmware 31.011 Rockwellautomation Compact Guardlogix 5380 Firmware 32.013 Rockwellautomation Compact Guardlogix 5380 Firmware 33.011 Rockwellautomation Compactlogix 5380 Firmware 31.011 Rockwellautomation Compactlogix 5380 Firmware 32.013 Rockwellautomation Compactlogix 5380 Firmware 33.011 Rockwellautomation Compactlogix 5380 Firmware V28.011 Rockwellautomation Compactlogix 5380 Firmware V29.011	15
Hardware	Rockwellautomation Rockwellautomation Compactlogix 5480 - Rockwellautomation Compactlogix 5580 - Rockwellautomation Guardlogix 5580 - Rockwellautomation Compact Guardlogix 5380 - Rockwellautomation Compactlogix 5380 -	5

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137664