VAR-202212-1782
Vulnerability from variot - Updated: 2025-03-13 22:50
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service (DoS) condition. Affected products include CompactLogix 5370 firmware, Compact GuardLogix 5370 firmware, Compact GuardLogix 5380 Controller firmware, and others. Unspecified vulnerabilities exist in Rockwell Automation products, and service operation may be interrupted (DoS). Rockwell Automation controllers are a series of controllers from Rockwell Automation, an American company. Attackers can exploit this vulnerability to cause major non-recoverable faults (MNRF) and denial of service.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-1782",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "compact guardlogix 5380",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "28"
},
{
"model": "guardlogix 5570",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "33"
},
{
"model": "guardlogix 5570",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "20"
},
{
"model": "compact guardlogix 5370",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "28"
},
{
"model": "compactlogix 5370",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "33"
},
{
"model": "compactlogix 5370",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "20"
},
{
"model": "controllogix 5570 redundancy",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "33"
},
{
"model": "compact guardlogix 5380",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "33"
},
{
"model": "controllogix 5570",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "33"
},
{
"model": "controllogix 5570",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "20"
},
{
"model": "compact guardlogix 5370",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "33"
},
{
"model": "controllogix 5570 redundancy",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "20"
},
{
"model": "compactlogix 5370",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "controllogix 5570 redundancy",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "controllogix 5570 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "compact guardlogix 5370",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "guardlogix 5570 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "compact guardlogix 5380 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation rockwell automation controllers",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
}
],
"trust": 0.6
},
"cve": "CVE-2022-3157",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-04522",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-3157",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-3157",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-3157",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-3157",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2022-3157",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-3157",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-04522",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-3450",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nA vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service (DoS) condition. Affected products include CompactLogix 5370 firmware, Compact GuardLogix 5370 firmware, Compact GuardLogix 5380 Controller firmware, and others. Unspecified vulnerabilities exist in Rockwell Automation products, and service operation may be interrupted (DoS). Rockwell Automation controllers are a series of controllers from Rockwell Automation, an American company. Attackers can exploit this vulnerability to cause major non-recoverable faults (MNRF) and denial of service.",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3157"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "VULMON",
"id": "CVE-2022-3157"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-3157",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-354-02",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU97518052",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-04522",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3450",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-3157",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "VULMON",
"id": "CVE-2022-3157"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"id": "VAR-202212-1782",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
}
]
},
"last_update_date": "2025-03-13T22:50:57.662000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation controllers Denial of Service Vulnerability (CNVD-2025-04522)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/663791"
},
{
"title": "Fix for the Rockwell Automation controllers input validation error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=218804"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3157"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97518052/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-354-02"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-354-02"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-3157/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "VULMON",
"id": "CVE-2022-3157"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"db": "VULMON",
"id": "CVE-2022-3157"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
},
{
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"date": "2022-12-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-3157"
},
{
"date": "2023-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3450"
},
{
"date": "2022-12-16T21:15:08.797000",
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-04522"
},
{
"date": "2022-12-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-3157"
},
{
"date": "2023-11-30T04:33:00",
"db": "JVNDB",
"id": "JVNDB-2022-023900"
},
{
"date": "2022-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3450"
},
{
"date": "2023-11-07T03:50:52.127000",
"db": "NVD",
"id": "CVE-2022-3157"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Rockwell Automation product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023900"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3450"
}
],
"trust": 0.6
}
}