Severity: 8.6
CWE: 400

CVE-2022-1797: Rockwell Automation Logix Controllers Uncontrolled Resource Consumption

First published: Tue May 31 2022

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.

Credit: ics-cert@hq.dhs.gov

Affected Software | Affected Version
Rockwellautomation Compactlogix 5380 Firmware | < 33.011
Rockwellautomation Compactlogix 5380 | (no version given)
Rockwellautomation Compact Guardlogix 5380 Firmware | < 33.011
Rockwellautomation Compact Guardlogix 5380 | (no version given)
Rockwellautomation Compactlogix 5480 Firmware | < 33.011
Rockwellautomation Compactlogix 5480 | (no version given)
Rockwellautomation Controllogix 5580 Firmware | < 33.011
Rockwellautomation Controllogix 5580 | (no version given)
Rockwellautomation Guardlogix 5580 Firmware | < 33.011
Rockwellautomation Guardlogix 5580 | (no version given)
Rockwellautomation Compactlogix 5370 Firmware | < 34.011
Rockwellautomation Compactlogix 5370 | (no version given)
Rockwellautomation Compact Guardlogix 5370 Firmware | < 34.011
Rockwellautomation Compact Guardlogix 5370 | (no version given)
Rockwellautomation Controllogix 5570 Firmware | < 34.011
Rockwellautomation Controllogix 5570 | (no version given)
Rockwellautomation Guardlogix 5570 Firmware | < 34.011
Rockwellautomation Guardlogix 5570 | (no version given)

How to fix: see Remedy below.

Vendor-stated affected versions:

  • Rockwell Automation CompactLogix 5380 controllers: firmware versions 32.013 and earlier
  • Rockwell Automation Compact GuardLogix 5380 controllers: firmware versions 32.013 and earlier
  • Rockwell Automation CompactLogix 5480 controllers: firmware versions 32.013 and earlier
  • Rockwell Automation ControlLogix 5580 controllers: firmware versions 32.013 and earlier
  • Rockwell Automation GuardLogix 5580 controllers: firmware versions 32.013 and earlier
  • Rockwell Automation CompactLogix 5370 controllers: firmware versions 33.013 and earlier
  • Rockwell Automation Compact GuardLogix 5370 controllers: firmware versions 33.013 and earlier
  • Rockwell Automation ControlLogix 5570 controllers: firmware versions 33.013 and earlier
  • Rockwell Automation GuardLogix 5570 controllers: firmware versions 33.013 and earlier

Remedy

Rockwell Automation recommends users update to the latest firmware version to mitigate this vulnerability. Users are directed towards the risk mitigation provided below and are encouraged (where possible) to combine these with the general security guidelines below to employ multiple strategies simultaneously. Users should go to Rockwell Automation's Product Compatibility & Download Center to download the latest firmware.

  • CompactLogix 5380, Compact GuardLogix 5380, CompactLogix 5480, ControlLogix 5580, GuardLogix 5580: upgrade to v33.011 firmware
  • CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, GuardLogix 5570: upgrade to v34.011 firmware

Please see Rockwell Automation’s security advisory PN1596 for more information: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559

Frequently Asked Questions

  • What is CVE-2022-1797?

    CVE-2022-1797 is a vulnerability that allows a malformed Class 3 common industrial protocol message to cause a denial-of-service condition in Rockwell Automation Logix Controllers.

  • How does CVE-2022-1797 impact Rockwell Automation Logix Controllers?

    CVE-2022-1797 can result in a major nonrecoverable fault; if the target device becomes unavailable, the user has to clear the fault and redownload the user project file to bring it back online.

  • What is the severity of CVE-2022-1797?

    CVE-2022-1797 has a severity rating of 8.6 (High).

  • Which software versions are affected by CVE-2022-1797?

    Rockwellautomation Compactlogix 5380 Firmware versions prior to 33.011, Rockwellautomation Compact Guardlogix 5380 Firmware versions prior to 33.011, Rockwellautomation Compactlogix 5480 Firmware versions prior to 33.011, Rockwellautomation Controllogix 5580 Firmware versions prior to 33.011, Rockwellautomation Guardlogix 5580 Firmware versions prior to 33.011, Rockwellautomation Compactlogix 5370 Firmware versions prior to 34.011, Rockwellautomation Compact Guardlogix 5370 Firmware versions prior to 34.011, Rockwellautomation Controllogix 5570 Firmware versions prior to 34.011, and Rockwellautomation Guardlogix 5570 Firmware versions prior to 34.011 are affected by CVE-2022-1797.

  • How can I fix CVE-2022-1797?

    To fix CVE-2022-1797, update the affected Rockwell Automation Logix Controllers to the fixed firmware given in the Remedy section: v33.011 for the 5380, 5480 and 5580 families, and v34.011 for the 5370 and 5570 families.
