Vulnerability-Lookup

GHSA-5W24-2PMC-XHP3

Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-12 00:00

Details

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.

Severity ?

8.6 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-1797"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-02T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.",
  "id": "GHSA-5w24-2pmc-xhp3",
  "modified": "2022-06-12T00:00:47Z",
  "published": "2022-06-03T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1797"
    },
    {
      "type": "WEB",
      "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-1797 (GCVE-0-2022-1797)

Vulnerability from cvelistv5 – Published: 2022-05-31 19:04 – Updated: 2025-04-16 16:17

Title

Rockwell Automation Logix Controllers Uncontrolled Resource Consumption

Summary

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/uscert/ics/advisories/icsa-2…	x_refsource_CONFIRM
	https://rockwellautomation.custhelp.com/app/answe…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Rockwell Automation

CompactLogix 5380 controllers

Affected: unspecified , ≤ 32.013 (custom)

Rockwell Automation	Compact GuardLogix 5380 controllers	Affected: unspecified , ≤ 32.013 (custom)
Rockwell Automation	CompactLogix 5480 controllers	Affected: unspecified , ≤ 32.013 (custom)
Rockwell Automation	ControlLogix 5580 controllers	Affected: unspecified , ≤ 32.013 (custom)
Rockwell Automation	GuardLogix 5580 controllers	Affected: unspecified , ≤ 32.013 (custom)
Rockwell Automation	CompactLogix 5370 controllers	Affected: unspecified , ≤ 33.013 (custom)
Rockwell Automation	Compact GuardLogix 5370 controllers	Affected: unspecified , ≤ 33.013 (custom)
Rockwell Automation	ControlLogix 5570 controllers	Affected: unspecified , ≤ 33.013 (custom)
Rockwell Automation	GuardLogix 5570 controllers	Affected: 33.013

Credits

Rockwell Automation discovered this vulnerability during routine security testing and reported it to CISA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:16:59.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1797",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:51:38.108033Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:17:49.601Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CompactLogix 5380 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "32.013",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Compact GuardLogix 5380 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "32.013",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CompactLogix 5480 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "32.013",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ControlLogix 5580 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "32.013",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "GuardLogix 5580 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "32.013",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CompactLogix 5370 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "33.013",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Compact GuardLogix 5370 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "33.013",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ControlLogix 5570 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "33.013",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "GuardLogix 5570 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "33.013"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Rockwell Automation discovered this vulnerability during routine security testing and reported it to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-31T19:04:44.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Rockwell Automation recommends users update to the latest firmware version to mitigate this vulnerability. Users are directed towards the risk mitigation provided below and are encouraged (where possible) to combine these with the general security guidelines below to employ multiple strategies simultaneously. Users should go to Rockwell Automation\u0027s Product Compatibility \u0026 Download Center to download the latest firmware.\n\nCompactLogix 5380, Compact GuardLogix 5380, CompactLogix 5480, ControlLogix 5580, GuardLogix 5580: Upgrade to v33.011 firmware\nCompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, GuardLogix 5570: Upgrade to v34.011 firmware\n\nPlease see Rockwell Automation\u2019s security advisory PN1596 for more information.\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Rockwell Automation Logix Controllers Uncontrolled Resource Consumption",
      "workarounds": [
        {
          "lang": "en",
          "value": "If upgrading is not possible, Rockwell Automation recommends the following mitigations:\nUse of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with products from Rockwell Automation is available in Knowledgebase article QA17329.\nConfirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\n\nPlease see Rockwell Automation\u2019s security advisory PN1596 for more information.\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2022-1797",
          "STATE": "PUBLIC",
          "TITLE": "Rockwell Automation Logix Controllers Uncontrolled Resource Consumption"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CompactLogix 5380 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "32.013"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Compact GuardLogix 5380 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": " 32.013"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CompactLogix 5480 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "32.013"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ControlLogix 5580 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "32.013"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GuardLogix 5580 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "32.013"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CompactLogix 5370 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "33.013"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Compact GuardLogix 5370 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "33.013"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ControlLogix 5570 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "33.013"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "GuardLogix 5570 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "33.013"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rockwell Automation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Rockwell Automation discovered this vulnerability during routine security testing and reported it to CISA."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01",
              "refsource": "CONFIRM",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01"
            },
            {
              "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559",
              "refsource": "CONFIRM",
              "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Rockwell Automation recommends users update to the latest firmware version to mitigate this vulnerability. Users are directed towards the risk mitigation provided below and are encouraged (where possible) to combine these with the general security guidelines below to employ multiple strategies simultaneously. Users should go to Rockwell Automation\u0027s Product Compatibility \u0026 Download Center to download the latest firmware.\n\nCompactLogix 5380, Compact GuardLogix 5380, CompactLogix 5480, ControlLogix 5580, GuardLogix 5580: Upgrade to v33.011 firmware\nCompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, GuardLogix 5570: Upgrade to v34.011 firmware\n\nPlease see Rockwell Automation\u2019s security advisory PN1596 for more information.\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
          }
        ],
        "source": {
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "If upgrading is not possible, Rockwell Automation recommends the following mitigations:\nUse of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with products from Rockwell Automation is available in Knowledgebase article QA17329.\nConfirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\n\nPlease see Rockwell Automation\u2019s security advisory PN1596 for more information.\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2022-1797",
    "datePublished": "2022-05-31T19:04:44.000Z",
    "dateReserved": "2022-05-18T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:17:49.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-5W24-2PMC-XHP3

CVE-2022-1797 (GCVE-0-2022-1797)

Tags

Sightings

Nomenclature