CVE-2022-3157: Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack
First published: Fri Dec 16 2022(Updated: )
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Compactlogix 5370 Firmware | >=20<=33 | |
| Rockwellautomation Compactlogix 5370 | ||
| Rockwellautomation Compact Guardlogix 5370 Firmware | >=28<=33 | |
| Rockwellautomation Compact Guardlogix 5370 | ||
| Rockwellautomation Compact Guardlogix 5380 Firmware | >=28<=33 | |
| Rockwellautomation Compact Guardlogix 5380 | ||
| Rockwellautomation Controllogix 5570 Firmware | >=20<=33 | |
| Rockwellautomation Controllogix 5570 | ||
| Rockwellautomation Controllogix 5570 Redundancy Firmware | >=20<=33 | |
| Rockwellautomation Controllogix 5570 Redundancy | ||
| Rockwellautomation Guardlogix 5570 Firmware | >=20<=33 | |
| Rockwellautomation Guardlogix 5570 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-3157?
CVE-2022-3157 is a vulnerability that exists in the Rockwell Automation controllers and can cause a major non-recoverable fault (MNRF) and a denial-of-service (DoS) condition.
What is the severity of CVE-2022-3157?
CVE-2022-3157 has a severity value of 7.5, which is considered high.
Which software versions are affected by CVE-2022-3157?
CVE-2022-3157 affects Rockwell Automation CompactLogix 5370 Firmware versions 20 to 33, and Compact GuardLogix 5370/5380 Firmware versions 28 to 33.
How can CVE-2022-3157 be exploited?
CVE-2022-3157 can be exploited by sending a malformed CIP request to the vulnerable Rockwell Automation controllers.
How can I fix CVE-2022-3157?
To fix CVE-2022-3157, it is recommended to apply the necessary security patches and updates provided by Rockwell Automation.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/rockwellautomation
- canonical/rockwellautomation compactlogix 5370 firmware
- version/rockwellautomation compactlogix 5370 firmware/20
- version/rockwellautomation compactlogix 5370 firmware/33
- canonical/rockwellautomation compactlogix 5370
- canonical/rockwellautomation compact guardlogix 5370 firmware
- version/rockwellautomation compact guardlogix 5370 firmware/28
- version/rockwellautomation compact guardlogix 5370 firmware/33
- canonical/rockwellautomation compact guardlogix 5370
- canonical/rockwellautomation compact guardlogix 5380 firmware
- version/rockwellautomation compact guardlogix 5380 firmware/28
- version/rockwellautomation compact guardlogix 5380 firmware/33
- canonical/rockwellautomation compact guardlogix 5380
- canonical/rockwellautomation controllogix 5570 firmware
- version/rockwellautomation controllogix 5570 firmware/20
- version/rockwellautomation controllogix 5570 firmware/33
- canonical/rockwellautomation controllogix 5570
- canonical/rockwellautomation controllogix 5570 redundancy firmware
- version/rockwellautomation controllogix 5570 redundancy firmware/20
- version/rockwellautomation controllogix 5570 redundancy firmware/33
- canonical/rockwellautomation controllogix 5570 redundancy
- canonical/rockwellautomation guardlogix 5570 firmware
- version/rockwellautomation guardlogix 5570 firmware/20
- version/rockwellautomation guardlogix 5570 firmware/33
- canonical/rockwellautomation guardlogix 5570