CVE-2022-1161: ICSA-22-090-05 Rockwell Automation Logix Controllers
First published: Thu Mar 31 2022(Updated: )
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CompactLogix controllers | ||
| CompactLogix controllers | ||
| Rockwell Automation CompactLogix 5370 L1 controllers | ||
| CompactLogix controllers | ||
| CompactLogix controllers | ||
| Rockwell Automation Armor Compact GuardLogix 5370 controllers | ||
| Rockwell Automation Compact GuardLogix 5380 | ||
| Rockwell Automation ControlLogix 5550 | ||
| Rockwell Automation ControlLogix 5560 Controller firmware | ||
| Rockwell Automation ControlLogix 5570 Controller | ||
| Rockwell Automation ControlLogix 5580 Process | ||
| Rockwell Automation GuardLogix | ||
| Rockwell Automation GuardLogix Controllers | ||
| Rockwell Automation GuardLogix Controllers | ||
| Rockwell Automation FlexLogix 1794-L34 | ||
| Rockwell Automation DriveLogix 5730 | ||
| Rockwell Automation SoftLogix | ||
| Rockwell Automation CompactLogix 1768-L43 Firmware | ||
| Rockwell Automation CompactLogix 1768-L43 Firmware | ||
| Rockwell Automation CompactLogix 1768-L45 | ||
| Rockwell Automation CompactLogix 1768-L45 | ||
| CompactLogix 1769-L31 Firmware | ||
| Rockwell Automation CompactLogix 1769-L31 | ||
| Rockwell Automation CompactLogix 1769-L32C Firmware | ||
| Rockwell Automation CompactLogix 1769-L32C | ||
| Rockwell Automation CompactLogix 1769-L32E Firmware | ||
| Rockwell Automation CompactLogix 1769-L32E | ||
| Rockwell Automation CompactLogix 1769-L35CR | ||
| Rockwell Automation CompactLogix 1769-L35CR Firmware | ||
| Rockwell Automation CompactLogix 1769-L35E Firmware | ||
| Rockwell Automation CompactLogix 1769-L35E Firmware | ||
| Rockwell Automation CompactLogix 5370 L3 Firmware | ||
| Rockwell Automation CompactLogix 5370 L3 Firmware | ||
| Rockwell Automation CompactLogix 5370 L2 Firmware | ||
| Rockwell Automation CompactLogix 5370 L2 Firmware | ||
| Rockwell Automation CompactLogix 5370 L1 firmware | ||
| Rockwell Automation CompactLogix 5370 L1 firmware | ||
| Rockwell Automation CompactLogix 5380 Firmware | ||
| Rockwell Automation CompactLogix 5380 Firmware | ||
| Rockwell Automation CompactLogix 5480 Firmware | ||
| Rockwell Automation CompactLogix 5480 | ||
| Rockwell Automation Compact GuardLogix 5370 Firmware | ||
| Rockwell Automation Compact GuardLogix 5370 Firmware | ||
| Rockwell Automation Compact GuardLogix 5380 SIL 3 Firmware | ||
| Rockwell Automation Compact GuardLogix 5380 Firmware | ||
| ControlLogix 5550 firmware | ||
| Rockwell Automation ControlLogix 5550 | ||
| ControlLogix 5560 firmware | ||
| ControlLogix 5560 | ||
| Rockwell Automation ControlLogix 5570 | ||
| Rockwell Automation ControlLogix 5570 | ||
| Rockwell Automation ControlLogix 5580 Firmware | ||
| Rockwell Automation ControlLogix 5580 Firmware | ||
| Rockwell Automation GuardLogix Firmware | ||
| Rockwell Automation GuardLogix 5560 Firmware | ||
| Rockwell Automation GuardLogix 5570 Controller firmware | ||
| Rockwell Automation GuardLogix 5570 Controller firmware | ||
| Rockwell Automation GuardLogix 5580 Firmware | ||
| Rockwell Automation GuardLogix 5580 | ||
| FLEXLogix firmware | ||
| FLEXLogix firmware | ||
| Rockwell Automation DriveLogix 5730 Firmware | ||
| Rockwell Automation DriveLogix 5730 Firmware | ||
| Rockwell Automation SoftLogix 5800 Firmware | ||
| Rockwell Automation SoftLogix 5800 Controller |
Remedy
The following mitigations should be applied for ControlLogix 5560, ControlLogix 5570, ControlLogix 5580 series, GuardLogix 5570, GuardLogix 5580, GuardLogix 5380, CompactLogix, CompactLogix 5380 devices: Risk Mitigation A: Recompile and download user program code (i.e., acd). Put controller mode switch into Run position. If keeping controller mode switch in Run is impractical, use the following mitigation: Recompile and download user program code (i.e., acd). Monitor controller change log for any unexpected modifications or anomalous activity. Utilize the Controller Log feature. Utilize Change Detection in the Logix Designer Application. If available, use the functionality in FactoryTalk AssetCenter software to detect changes. Risk Mitigation B: Implement CIP Security to help prevent unauthorized connections when properly deployed. Supported controllers and communications modules include: ControlLogix 5580 processors using on-board EtherNet/IP port. GuardLogix 5580 processors using on-board EtherNet/IP port. ControlLogix 5580 processors operating in High Availability (HA) configurations using 1756-EN4TR ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, GuardLogix 5570 and GuardLogix 5580 can use a 1756-EN4TR ControlLogix EtherNet/IP module. If using a 1756-EN2T, then replace with a 1756-EN4TR CompactLogix 5380 using on-board EtherNet/IP port. CompactLogix GuardLogix 5380 using on-board EtherNet/IP port. The following mitigations should be applied for 1768 CompactLogix, 1769 CompactLogix, CompactLogix 5370, and CompactLogix 5480 devices: Recompile and download user program code (i.e., acd). Put controller mode switch into Run position. If keeping controller mode switch in Run is impractical, then use the following mitigation: Recompile and download user program code (i.e., acd). Monitor controller change log for any unexpected modifications or anomalous activity. Use the Controller Log feature. Use Change Detection in the Logix Designer application. If available, use the functionality in FactoryTalk AssetCenter to detect changes.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-1161?
CVE-2022-1161 is a vulnerability that allows an attacker to change user program code on certain Rockwell Automation Control systems.
What is the severity of CVE-2022-1161?
CVE-2022-1161 has a severity rating of 9.8, which is classified as critical.
How does CVE-2022-1161 affect Rockwell Automation CompactLogix 1768-L43?
Rockwell Automation CompactLogix 1768-L43 is affected by CVE-2022-1161, allowing an attacker to change user program code.
How do I fix CVE-2022-1161?
To fix CVE-2022-1161, Rockwell Automation recommends applying the necessary security updates provided by the vendor.
Where can I find more information about CVE-2022-1161?
You can find more information about CVE-2022-1161 on the official advisory from the Cybersecurity and Infrastructure Security Agency (CISA).
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/remedy
- agent/title
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/references
- agent/severity
- agent/trending
- agent/source
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/rockwell automation
- canonical/compactlogix controllers
- canonical/rockwell automation compactlogix 5370 l1 controllers
- canonical/rockwell automation armor compact guardlogix 5370 controllers
- canonical/rockwell automation compact guardlogix 5380
- canonical/rockwell automation controllogix 5550
- canonical/rockwell automation controllogix 5560 controller firmware
- canonical/rockwell automation controllogix 5570 controller
- canonical/rockwell automation controllogix 5580 process
- canonical/rockwell automation guardlogix
- canonical/rockwell automation guardlogix controllers
- canonical/rockwell automation flexlogix 1794-l34
- canonical/rockwell automation drivelogix 5730
- canonical/rockwell automation softlogix
- vendor/rockwellautomation
- canonical/rockwell automation compactlogix 1768-l43 firmware
- canonical/rockwell automation compactlogix 1768-l45
- canonical/compactlogix 1769-l31 firmware
- canonical/rockwell automation compactlogix 1769-l31
- canonical/rockwell automation compactlogix 1769-l32c firmware
- canonical/rockwell automation compactlogix 1769-l32c
- canonical/rockwell automation compactlogix 1769-l32e firmware
- canonical/rockwell automation compactlogix 1769-l32e
- canonical/rockwell automation compactlogix 1769-l35cr
- canonical/rockwell automation compactlogix 1769-l35cr firmware
- canonical/rockwell automation compactlogix 1769-l35e firmware
- canonical/rockwell automation compactlogix 5370 l3 firmware
- canonical/rockwell automation compactlogix 5370 l2 firmware
- canonical/rockwell automation compactlogix 5370 l1 firmware
- canonical/rockwell automation compactlogix 5380 firmware
- canonical/rockwell automation compactlogix 5480 firmware
- canonical/rockwell automation compactlogix 5480
- canonical/rockwell automation compact guardlogix 5370 firmware
- canonical/rockwell automation compact guardlogix 5380 sil 3 firmware
- canonical/rockwell automation compact guardlogix 5380 firmware
- canonical/controllogix 5550 firmware
- canonical/controllogix 5560 firmware
- canonical/controllogix 5560
- canonical/rockwell automation controllogix 5570
- canonical/rockwell automation controllogix 5580 firmware
- canonical/rockwell automation guardlogix firmware
- canonical/rockwell automation guardlogix 5560 firmware
- canonical/rockwell automation guardlogix 5570 controller firmware
- canonical/rockwell automation guardlogix 5580 firmware
- canonical/rockwell automation guardlogix 5580
- canonical/flexlogix firmware
- canonical/rockwell automation drivelogix 5730 firmware
- canonical/rockwell automation softlogix 5800 firmware
- canonical/rockwell automation softlogix 5800 controller