CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
82.6%
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.
Vendor | Product | Version | CPE |
---|---|---|---|
rockwellautomation | compact_guardlogix_5370 | - | cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:* |
rockwellautomation | compact_guardlogix_5380 | - | cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:* |
rockwellautomation | compactlogix_1768 | - | cpe:2.3:h:rockwellautomation:compactlogix_1768:-:*:*:*:*:*:*:* |
rockwellautomation | compactlogix_1769 | - | cpe:2.3:h:rockwellautomation:compactlogix_1769:-:*:*:*:*:*:*:* |
rockwellautomation | compactlogix_5370 | - | cpe:2.3:h:rockwellautomation:compactlogix_5370:-:*:*:*:*:*:*:* |
rockwellautomation | compactlogix_5380 | - | cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:* |
rockwellautomation | compactlogix_5480 | - | cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:* |
rockwellautomation | controllogix_5550 | - | cpe:2.3:h:rockwellautomation:controllogix_5550:-:*:*:*:*:*:*:* |
rockwellautomation | controllogix_5560 | - | cpe:2.3:h:rockwellautomation:controllogix_5560:-:*:*:*:*:*:*:* |
rockwellautomation | controllogix_5570 | - | cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
82.6%