History: Dec 19, 2022 - 11:15 p.m.

CVE-2022-3752

2022-12-19 23:15:10
CWE-20
Rockwell
web.nvd.nist.gov
cve-2022-3752
denial of service
rockwell automation
logix controllers
nvd

CVSS3: 8.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score: 7.3
Confidence: High

EPSS: 0.001
Percentile: 26.4%

An unauthorized user could use a specially crafted sequence of EtherNet/IP messages, combined with heavy traffic loading, to cause a denial-of-service condition in Rockwell Automation Logix controllers, resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.

Affected configurations

Nvd

Node
  rockwellautomation  compactlogix_5480  Match -
  AND
  rockwellautomation  compactlogix_5480_firmware  Range 32.011
Node
  rockwellautomation  compactlogix_5580  Match -
  AND
  rockwellautomation  compactlogix_5580_firmware  Range 31.011
Node
  rockwellautomation  guardlogix_5580  Match -
  AND
  rockwellautomation  guardlogix_5580_firmware  Range 32.011
Node
  rockwellautomation  compact_guardlogix_5380  Match -
  AND
  rockwellautomation  compact_guardlogix_5380_firmware  Range 31.011
Node
  rockwellautomation  compactlogix_5380  Match -
  AND
  rockwellautomation  compactlogix_5380_firmware  Range 31.011

Vendor              Product                           Version  CPE
rockwellautomation  compactlogix_5480                 -        cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*
rockwellautomation  compactlogix_5480_firmware        *        cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*
rockwellautomation  compactlogix_5580                 -        cpe:2.3:h:rockwellautomation:compactlogix_5580:-:*:*:*:*:*:*:*
rockwellautomation  compactlogix_5580_firmware        *        cpe:2.3:o:rockwellautomation:compactlogix_5580_firmware:*:*:*:*:*:*:*:*
rockwellautomation  guardlogix_5580                   -        cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*
rockwellautomation  guardlogix_5580_firmware          *        cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*
rockwellautomation  compact_guardlogix_5380           -        cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*
rockwellautomation  compact_guardlogix_5380_firmware  *        cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*
rockwellautomation  compactlogix_5380                 -        cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*
rockwellautomation  compactlogix_5380_firmware        *        cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CompactLogix 5480",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "32.011 and later"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ControlLogix 5580 ",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "31.011 and later"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GuardLogix 5580",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "31.011 and later"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Compact GuardLogix 5380",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "31.011 and later"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CompactLogix 5380",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "31.011 and later"
      }
    ]
  }
]
