CVE-2022-3157: Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack
First published: Fri Dec 16 2022(Updated: )
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwell Automation CompactLogix 5370 Firmware | >=20<=33 | |
| Rockwell Automation CompactLogix 5370 | ||
| Rockwell Automation Compact GuardLogix 5370 Firmware | >=28<=33 | |
| Rockwell Automation Compact GuardLogix 5370 Firmware | ||
| Rockwell Automation Compact GuardLogix 5380 SIL 3 Firmware | >=28<=33 | |
| Rockwell Automation Compact GuardLogix 5380 Firmware | ||
| Rockwell Automation ControlLogix 5570 | >=20<=33 | |
| Rockwell Automation ControlLogix 5570 | ||
| rockwellautomation ControlLogix 5570 firmware | >=20<=33 | |
| ControlLogix 5570 Redundancy Firmware | ||
| Rockwell Automation GuardLogix 5570 Controller firmware | >=20<=33 | |
| Rockwell Automation GuardLogix 5570 Controller firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-3157?
CVE-2022-3157 is a vulnerability that exists in the Rockwell Automation controllers and can cause a major non-recoverable fault (MNRF) and a denial-of-service (DoS) condition.
What is the severity of CVE-2022-3157?
CVE-2022-3157 has a severity value of 7.5, which is considered high.
Which software versions are affected by CVE-2022-3157?
CVE-2022-3157 affects Rockwell Automation CompactLogix 5370 Firmware versions 20 to 33, and Compact GuardLogix 5370/5380 Firmware versions 28 to 33.
How can CVE-2022-3157 be exploited?
CVE-2022-3157 can be exploited by sending a malformed CIP request to the vulnerable Rockwell Automation controllers.
How can I fix CVE-2022-3157?
To fix CVE-2022-3157, it is recommended to apply the necessary security patches and updates provided by Rockwell Automation.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/rockwellautomation
- canonical/rockwell automation compactlogix 5370 firmware
- version/rockwell automation compactlogix 5370 firmware/20
- version/rockwell automation compactlogix 5370 firmware/33
- canonical/rockwell automation compactlogix 5370
- canonical/rockwell automation compact guardlogix 5370 firmware
- version/rockwell automation compact guardlogix 5370 firmware/28
- version/rockwell automation compact guardlogix 5370 firmware/33
- canonical/rockwell automation compact guardlogix 5380 sil 3 firmware
- version/rockwell automation compact guardlogix 5380 sil 3 firmware/28
- version/rockwell automation compact guardlogix 5380 sil 3 firmware/33
- canonical/rockwell automation compact guardlogix 5380 firmware
- canonical/rockwell automation controllogix 5570
- version/rockwell automation controllogix 5570/20
- version/rockwell automation controllogix 5570/33
- canonical/rockwellautomation controllogix 5570 firmware
- version/rockwellautomation controllogix 5570 firmware/20
- version/rockwellautomation controllogix 5570 firmware/33
- canonical/controllogix 5570 redundancy firmware
- canonical/rockwell automation guardlogix 5570 controller firmware
- version/rockwell automation guardlogix 5570 controller firmware/20
- version/rockwell automation guardlogix 5570 controller firmware/33