First published: Tue May 31 2022
A malformed Class 3 Common Industrial Protocol (CIP) message sent over a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. The controller does not recover on its own: if the target device becomes unavailable, a user has to clear the fault and redownload the user project file to bring the device back online.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwell Automation CompactLogix 5380 (firmware) | 32.013 and earlier (all versions before 33.011) | Upgrade to firmware v33.011 |
Rockwell Automation Compact GuardLogix 5380 (firmware) | 32.013 and earlier (all versions before 33.011) | Upgrade to firmware v33.011 |
Rockwell Automation CompactLogix 5480 (firmware) | 32.013 and earlier (all versions before 33.011) | Upgrade to firmware v33.011 |
Rockwell Automation ControlLogix 5580 (firmware) | 32.013 and earlier (all versions before 33.011) | Upgrade to firmware v33.011 |
Rockwell Automation GuardLogix 5580 (firmware) | 32.013 and earlier (all versions before 33.011) | Upgrade to firmware v33.011 |
Rockwell Automation CompactLogix 5370 (firmware) | 33.013 and earlier (all versions before 34.011) | Upgrade to firmware v34.011 |
Rockwell Automation Compact GuardLogix 5370 (firmware) | 33.013 and earlier (all versions before 34.011) | Upgrade to firmware v34.011 |
Rockwell Automation ControlLogix 5570 (firmware) | 33.013 and earlier (all versions before 34.011) | Upgrade to firmware v34.011 |
Rockwell Automation GuardLogix 5570 (firmware) | 33.013 and earlier (all versions before 34.011) | Upgrade to firmware v34.011 |
Rockwell Automation recommends that users update to the latest firmware version to mitigate this vulnerability. Users are directed to the risk mitigations in the vendor advisory and are encouraged, where possible, to combine them with the general security guidelines given there, so that several defensive strategies are in place at once. The latest firmware is available from Rockwell Automation's Product Compatibility & Download Center.

Fixed firmware by product family:

- CompactLogix 5380, Compact GuardLogix 5380, CompactLogix 5480, ControlLogix 5580, GuardLogix 5580: upgrade to v33.011 firmware
- CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, GuardLogix 5570: upgrade to v34.011 firmware

See Rockwell Automation's security advisory PN1596 for more information: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559
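Deciding whether a given controller still needs the upgrade above comes down to reading its CIP Identity object and comparing the reported revision with the fixed firmware for its family. The following is an added example written for this page, not code from Rockwell Automation or from the advisory: it builds the EtherNet/IP ListIdentity request (UDP/TCP 44818), parses the Identity item out of the reply, and flags the device if its revision is below 33.011 or 34.011 for its family. Two things in it are assumptions rather than facts from the page: the mapping from catalog-number prefix (as it appears in the identity product name) to product family, and the convention that an Identity revision of major 32 / minor 13 is what Rockwell prints as firmware 32.013. The reply it parses is constructed in the script, not a capture.

```python
"""Check a Logix controller's Identity revision against the CVE-2022-1797 fixed firmware."""
import socket
import struct

ENIP_PORT = 44818
LIST_IDENTITY = 0x0063        # EtherNet/IP encapsulation command
IDENTITY_ITEM = 0x000C        # CIP Identity item carried in the ListIdentity reply
ENCAP_HDR = "<HHII8sI"        # command, length, session, status, sender context, options

# Fixed versions come from the advisory (33.011 / 34.011). The catalog-prefix -> family
# mapping is an ASSUMPTION for this example; confirm it against the vendor's product tables.
FAMILIES = {
    "1756-L8": ("ControlLogix / GuardLogix 5580", (33, 11)),
    "5069-L3": ("CompactLogix / Compact GuardLogix 5380", (33, 11)),
    "5069-L4": ("CompactLogix 5480", (33, 11)),
    "1756-L7": ("ControlLogix / GuardLogix 5570", (34, 11)),
    "1769-L": ("CompactLogix 5370", (34, 11)),
    "1768-L": ("Compact GuardLogix 5370", (34, 11)),
}


def build_list_identity_request(context: bytes = b"cve1797 ") -> bytes:
    """24-byte encapsulation header with an empty payload; the whole request."""
    return struct.pack(ENCAP_HDR, LIST_IDENTITY, 0, 0, 0, context[:8].ljust(8, b"\0"), 0)


def parse_list_identity(data: bytes) -> dict:
    """Extract the Identity item fields from a ListIdentity reply."""
    cmd, length, _session, status, _ctx, _opts = struct.unpack_from(ENCAP_HDR, data, 0)
    if cmd != LIST_IDENTITY or status != 0 or len(data) < 24 + length:
        raise ValueError("not a successful ListIdentity reply")
    off = 24
    (item_count,) = struct.unpack_from("<H", data, off); off += 2
    for _ in range(item_count):
        item_id, item_len = struct.unpack_from("<HH", data, off); off += 4
        if item_id != IDENTITY_ITEM:
            off += item_len          # skip items we do not understand
            continue
        (_encap_version,) = struct.unpack_from("<H", data, off); off += 2
        # sockaddr_in is big-endian: family, port, IPv4 address, then 8 zero bytes
        _fam, port, ip = struct.unpack_from(">hH4s", data, off); off += 16
        vendor, dev_type, product, major, minor, dev_status, serial = \
            struct.unpack_from("<HHHBBHI", data, off); off += 14
        name_len = data[off]; off += 1                       # SHORT_STRING product name
        name = data[off:off + name_len].decode("ascii", "replace"); off += name_len
        state = data[off]
        return {"ip": socket.inet_ntoa(ip), "port": port, "vendor": vendor,
                "device_type": dev_type, "product_code": product, "major": major,
                "minor": minor, "status": dev_status, "serial": serial,
                "name": name, "state": state}
    raise ValueError("reply carries no Identity item")


def firmware_string(major: int, minor: int) -> str:
    # ASSUMPTION: Identity revision 32.13 corresponds to the printed firmware version 32.013.
    return f"{major}.{minor:03d}"


def check_device(reply: bytes) -> dict:
    """affected is True/False for a product in the advisory, None for anything else."""
    ident = parse_list_identity(reply)
    result = {"name": ident["name"], "ip": ident["ip"],
              "firmware": firmware_string(ident["major"], ident["minor"]),
              "family": None, "fixed": None, "affected": None}
    for prefix, (family, fixed) in FAMILIES.items():
        if ident["name"].startswith(prefix):
            result["family"] = family
            result["fixed"] = firmware_string(*fixed)
            result["affected"] = (ident["major"], ident["minor"]) < fixed
            break
    return result


def probe(host: str, timeout: float = 2.0) -> dict:
    """Query a live controller over UDP (only for use on a network you are allowed to scan)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_list_identity_request(), (host, ENIP_PORT))
        reply, _ = s.recvfrom(4096)
    return check_device(reply)


def build_identity_response(name: str, major: int, minor: int,
                            ip: str = "192.168.1.10", serial: int = 0x00C0FFEE) -> bytes:
    """CONSTRUCTED sample reply (not a capture) so the parser can be exercised offline."""
    body = struct.pack("<H", 1)                                   # encapsulation protocol version
    body += struct.pack(">hH4s8x", 2, ENIP_PORT, socket.inet_aton(ip))   # 2 = AF_INET
    # vendor 1 = Rockwell Automation, device type 0x0E = PLC; product code and status are filler
    body += struct.pack("<HHHBBHI", 1, 0x0E, 0x9F, major, minor, 0x0060, serial)
    body += bytes([len(name)]) + name.encode("ascii") + bytes([3])   # product name, state
    payload = struct.pack("<H", 1) + struct.pack("<HH", IDENTITY_ITEM, len(body)) + body
    return struct.pack(ENCAP_HDR, LIST_IDENTITY, len(payload), 0, 0, b"\0" * 8, 0) + payload


if __name__ == "__main__":
    for sample in [("1756-L85E/B", 32, 13), ("1769-L33ER/B", 34, 11), ("1756-L75/B", 33, 13)]:
        print(check_device(build_identity_response(*sample)))
```

Running the script prints one classification per constructed sample: the 5580 on 32.013 and the 5570 on 33.013 are flagged as affected, the 5370 on 34.011 is not. A product outside the advisory (for example a communication adapter) comes back with `affected` set to None rather than False, so an inventory run does not silently report unlisted devices as patched.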
CVE-2022-1797 is a denial-of-service vulnerability in Rockwell Automation Logix Controllers: a malformed Class 3 Common Industrial Protocol (CIP) message sent over a cached connection causes a major nonrecoverable fault.
A controller that has faulted this way does not recover on its own; the user must clear the fault and redownload the user project file to the target device to bring it back online.
CVE-2022-1797 has a CVSS severity rating of 8.6 (High).
Affected firmware: CompactLogix 5380, Compact GuardLogix 5380, CompactLogix 5480, ControlLogix 5580 and GuardLogix 5580 on versions 32.013 and earlier (any version before 33.011); CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570 and GuardLogix 5570 on versions 33.013 and earlier (any version before 34.011).
To fix CVE-2022-1797, upgrade the 5380, 5480 and 5580 controllers to firmware v33.011 or later and the 5370 and 5570 controllers to firmware v34.011 or later, as set out in Rockwell Automation advisory PN1596.