CVE-2022-1161

CRITICAL

10.0

Descripcion

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.

Detalles CVE

Puntuacion CVSS v3.110.0

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado4/11/2022

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

rockwellautomation:compact_guardlogix_5370rockwellautomation:compact_guardlogix_5370_firmwarerockwellautomation:compact_guardlogix_5380rockwellautomation:compact_guardlogix_5380_firmwarerockwellautomation:compactlogix_1768-l43rockwellautomation:compactlogix_1768-l43_firmwarerockwellautomation:compactlogix_1768-l45rockwellautomation:compactlogix_1768-l45_firmwarerockwellautomation:compactlogix_1769-l31rockwellautomation:compactlogix_1769-l31_firmwarerockwellautomation:compactlogix_1769-l32crockwellautomation:compactlogix_1769-l32c_firmwarerockwellautomation:compactlogix_1769-l32erockwellautomation:compactlogix_1769-l32e_firmwarerockwellautomation:compactlogix_1769-l35crrockwellautomation:compactlogix_1769-l35cr_firmwarerockwellautomation:compactlogix_1769-l35erockwellautomation:compactlogix_1769-l35e_firmwarerockwellautomation:compactlogix_5370_l1rockwellautomation:compactlogix_5370_l1_firmwarerockwellautomation:compactlogix_5370_l2rockwellautomation:compactlogix_5370_l2_firmwarerockwellautomation:compactlogix_5370_l3rockwellautomation:compactlogix_5370_l3_firmwarerockwellautomation:compactlogix_5380rockwellautomation:compactlogix_5380_firmwarerockwellautomation:compactlogix_5480rockwellautomation:compactlogix_5480_firmwarerockwellautomation:controllogix_5550rockwellautomation:controllogix_5550_firmwarerockwellautomation:controllogix_5560rockwellautomation:controllogix_5560_firmwarerockwellautomation:controllogix_5570rockwellautomation:controllogix_5570_firmwarerockwellautomation:controllogix_5580rockwellautomation:controllogix_5580_firmwarerockwellautomation:drivelogix_5730rockwellautomation:drivelogix_5730_firmwarerockwellautomation:flexlogix_1794-l34rockwellautomation:flexlogix_1794-l34_firmwarerockwellautomation:guardlogix_5560rockwellautomation:guardlogix_5560_firmwarerockwellautomation:guardlogix_5570rockwellautomation:guardlogix_5570_firmwarerockwellautomation:guardlogix_5580rockwellautomation:guardlogix_5580_firmwarerockwellautomation:softlogix_5800rockwellautomation:softlogix_5800_firmware

Debilidades (CWE)

CWE-829

Referencias

https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05(ics-cert@hq.dhs.gov)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.