Rockwell Automation Logix Controllers code execution | CVE-2022-1161
NAME
Rockwell Automation Logix Controllers code execution
- Platforms Affected:
Rockwell Automation SoftLogix 5800 controllers
Rockwell Automation ControlLogix 5560 controllers
Rockwell Automation ControlLogix 5570 controllers
Rockwell Automation CompactLogix 5370
Rockwell Automation CompactLogix 5380
Rockwell Automation CompactLogix 5480
Rockwell Automation 1768 CompactLogix controllers
Rockwell Automation 1769 CompactLogix controllers
Rockwell Automation Compact GuardLogix 5370 controllers
Rockwell Automation Compact GuardLogix 5380 controllers
Rockwell Automation ControlLogix 5550 controllers
Rockwell Automation ControlLogix 5580 controllers
Rockwell Automation GuardLogix 5560 controllers
Rockwell Automation GuardLogix 5570 controllers
Rockwell Automation GuardLogix 5580 controllers
Rockwell Automation FlexLogix 1794-L34 controllers
Rockwell Automation DriveLogix 5730 controllers
- Risk Level: 10
- Exploitability: Unproven
- Consequences: Gain Access
DESCRIPTION
Rockwell Automation Logix Controllers could allow a remote attacker to execute arbitrary code on the system, caused by the inclusion of functionality from an untrusted control sphere. By modifying a user program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to the Rockwell Automation website for patch, upgrade, or suggested workaround information. See References.
- Reference Link: https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05
- Reference Link: https://www.rockwellautomation.com/en-us/company/about-us.html