First published: Fri Dec 16 2022
A vulnerability exists in Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service (DoS) condition.
Credit: PSIRT@rockwellautomation.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Compactlogix 5370 Firmware | >=20<=33 | |
Rockwellautomation Compactlogix 5370 | | |
Rockwellautomation Compact Guardlogix 5370 Firmware | >=28<=33 | |
Rockwellautomation Compact Guardlogix 5370 | | |
Rockwellautomation Compact Guardlogix 5380 Firmware | >=28<=33 | |
Rockwellautomation Compact Guardlogix 5380 | | |
Rockwellautomation Controllogix 5570 Firmware | >=20<=33 | |
Rockwellautomation Controllogix 5570 | | |
Rockwellautomation Controllogix 5570 Redundancy Firmware | >=20<=33 | |
Rockwellautomation Controllogix 5570 Redundancy | | |
Rockwellautomation Guardlogix 5570 Firmware | >=20<=33 | |
Rockwellautomation Guardlogix 5570 | | |
CVE-2022-3157 is a vulnerability in Rockwell Automation controllers that can cause a major non-recoverable fault (MNRF) and a denial-of-service (DoS) condition.
CVE-2022-3157 has a severity value of 7.5, which is considered high.
CVE-2022-3157 affects Rockwell Automation CompactLogix 5370 Firmware versions 20 to 33, and Compact GuardLogix 5370/5380 Firmware versions 28 to 33.
CVE-2022-3157 can be exploited by sending a malformed CIP request to the vulnerable Rockwell Automation controllers.
To fix CVE-2022-3157, apply the security patches and updates provided by Rockwell Automation.