3 vulnerabilities found for CompactLogix 5370 by Rockwell Automation
VAR-202212-1782
Vulnerability from variot - Updated: 2025-03-13 22:50
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). Unspecified vulnerabilities exist in Rockwell Automation products, including CompactLogix 5370 firmware, Compact GuardLogix 5370 firmware, Compact GuardLogix 5380 Controller firmware, etc. Exploitation may result in an interruption of service operation (DoS). Rockwell Automation controllers are a series of controllers from Rockwell Automation, an American company. Attackers can exploit this vulnerability to cause major non-recoverable faults (MNRF) and denial of service.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-1782",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "compact guardlogix 5380",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "28"
},
{
"model": "guardlogix 5570",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "33"
},
{
"model": "guardlogix 5570",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "20"
},
{
"model": "compact guardlogix 5370",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "28"
},
{
"model": "compactlogix 5370",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "33"
},
{
"model": "compactlogix 5370",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "20"
},
{
"model": "controllogix 5570 redundancy",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "33"
},
{
"model": "compact guardlogix 5380",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "33"
},
{
"model": "controllogix 5570",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "33"
},
{
"model": "controllogix 5570",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "20"
},
{
"model": "compact guardlogix 5370",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "33"
},
{
"model": "controllogix 5570 redundancy",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "20"
},
{
"model": "compactlogix 5370",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "controllogix 5570 redundancy",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "controllogix 5570 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "compact guardlogix 5370",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "guardlogix 5570 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "compact guardlogix 5380 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation rockwell automation controllers",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
}
],
"trust": 0.6
},
"cve": "CVE-2022-3157",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-04522",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-3157",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-3157",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-3157",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-3157",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2022-3157",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-3157",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-04522",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-3450",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nA vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). Unspecified vulnerabilities exist in Rockwell Automation products, including CompactLogix 5370 firmware, Compact GuardLogix 5370 firmware, Compact GuardLogix 5380 Controller firmware, etc. Exploitation may result in an interruption of service operation (DoS). Rockwell Automation controllers are a series of controllers from Rockwell Automation, an American company. Attackers can exploit this vulnerability to cause major non-recoverable faults (MNRF) and denial of service.",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3157"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "VULMON",
"id": "CVE-2022-3157"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-3157",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-354-02",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU97518052",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-04522",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3450",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-3157",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "VULMON",
"id": "CVE-2022-3157"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"id": "VAR-202212-1782",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
}
]
},
"last_update_date": "2025-03-13T22:50:57.662000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation controllers Denial of Service Vulnerability (CNVD-2025-04522)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/663791"
},
{
"title": "Fix for the Rockwell Automation controllers input validation error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218804"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3157"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97518052/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-354-02"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-354-02"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-3157/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "VULMON",
"id": "CVE-2022-3157"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "VULMON",
"id": "CVE-2022-3157"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"date": "2022-12-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-3157"
},
{
"date": "2023-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3450"
},
{
"date": "2022-12-16T21:15:08.797000",
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"date": "2022-12-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-3157"
},
{
"date": "2023-11-30T04:33:00",
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"date": "2022-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3450"
},
{
"date": "2023-11-07T03:50:52.127000",
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Rockwell Automation product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
}
],
"trust": 0.6
}
}
CVE-2022-3157 (GCVE-0-2022-3157)
Vulnerability from nvd – Published: 2022-12-16 20:35 – Updated: 2025-04-16 14:32
Title
Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack
Summary
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
Severity ?
8.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | CompactLogix 5370 | Affected: 20, ≤ 33 (Major) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T14:31:37.602806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T14:32:17.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CompactLogix 5370",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33",
"status": "affected",
"version": "20",
"versionType": "Major"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compact GuardLogix",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33",
"status": "affected",
"version": "28",
"versionType": "Major"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ControlLogix 5570",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33",
"status": "affected",
"version": "20",
"versionType": "Major"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ControlLogix 5570 Redundancy",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33",
"status": "affected",
"version": "20",
"versionType": "Major"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GuardLogix 5570",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33",
"status": "affected",
"version": "20",
"versionType": "Major"
}
]
}
],
"datePublic": "2022-12-15T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). \u003c/span\u003e\n\n"
}
],
"value": "\nA vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-123",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-123 Buffer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-16T20:35:55.689Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2022-3157",
"datePublished": "2022-12-16T20:35:55.689Z",
"dateReserved": "2022-09-07T19:00:02.431Z",
"dateUpdated": "2025-04-16T14:32:17.798Z",
"requesterUserId": "20b06643-9bf3-4d1d-a98d-f8db99f95a31",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3157 (GCVE-0-2022-3157)
Vulnerability from cvelistv5 – Published: 2022-12-16 20:35 – Updated: 2025-04-16 14:32
Title
Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack
Summary
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
Severity ?
8.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | CompactLogix 5370 | Affected: 20, ≤ 33 (Major) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T14:31:37.602806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T14:32:17.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CompactLogix 5370",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33",
"status": "affected",
"version": "20",
"versionType": "Major"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compact GuardLogix",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33",
"status": "affected",
"version": "28",
"versionType": "Major"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ControlLogix 5570",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33",
"status": "affected",
"version": "20",
"versionType": "Major"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ControlLogix 5570 Redundancy",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33",
"status": "affected",
"version": "20",
"versionType": "Major"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GuardLogix 5570",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33",
"status": "affected",
"version": "20",
"versionType": "Major"
}
]
}
],
"datePublic": "2022-12-15T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). \u003c/span\u003e\n\n"
}
],
"value": "\nA vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-123",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-123 Buffer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-16T20:35:55.689Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2022-3157",
"datePublished": "2022-12-16T20:35:55.689Z",
"dateReserved": "2022-09-07T19:00:02.431Z",
"dateUpdated": "2025-04-16T14:32:17.798Z",
"requesterUserId": "20b06643-9bf3-4d1d-a98d-f8db99f95a31",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}