TROYANOSYVIRUS
Retour aux CVEs

CVE-2022-1161

CRITICAL
10.0

Description

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.

Details CVE

Score CVSS v3.110.0
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/11/2022
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

rockwellautomation:compact_guardlogix_5370rockwellautomation:compact_guardlogix_5370_firmwarerockwellautomation:compact_guardlogix_5380rockwellautomation:compact_guardlogix_5380_firmwarerockwellautomation:compactlogix_1768-l43rockwellautomation:compactlogix_1768-l43_firmwarerockwellautomation:compactlogix_1768-l45rockwellautomation:compactlogix_1768-l45_firmwarerockwellautomation:compactlogix_1769-l31rockwellautomation:compactlogix_1769-l31_firmwarerockwellautomation:compactlogix_1769-l32crockwellautomation:compactlogix_1769-l32c_firmwarerockwellautomation:compactlogix_1769-l32erockwellautomation:compactlogix_1769-l32e_firmwarerockwellautomation:compactlogix_1769-l35crrockwellautomation:compactlogix_1769-l35cr_firmwarerockwellautomation:compactlogix_1769-l35erockwellautomation:compactlogix_1769-l35e_firmwarerockwellautomation:compactlogix_5370_l1rockwellautomation:compactlogix_5370_l1_firmwarerockwellautomation:compactlogix_5370_l2rockwellautomation:compactlogix_5370_l2_firmwarerockwellautomation:compactlogix_5370_l3rockwellautomation:compactlogix_5370_l3_firmwarerockwellautomation:compactlogix_5380rockwellautomation:compactlogix_5380_firmwarerockwellautomation:compactlogix_5480rockwellautomation:compactlogix_5480_firmwarerockwellautomation:controllogix_5550rockwellautomation:controllogix_5550_firmwarerockwellautomation:controllogix_5560rockwellautomation:controllogix_5560_firmwarerockwellautomation:controllogix_5570rockwellautomation:controllogix_5570_firmwarerockwellautomation:controllogix_5580rockwellautomation:controllogix_5580_firmwarerockwellautomation:drivelogix_5730rockwellautomation:drivelogix_5730_firmwarerockwellautomation:flexlogix_1794-l34rockwellautomation:flexlogix_1794-l34_firmwarerockwellautomation:guardlogix_5560rockwellautomation:guardlogix_5560_firmwarerockwellautomation:guardlogix_5570rockwellautomation:guardlogix_5570_firmwarerockwellautomation:guardlogix_5580rockwellautomation:guardlogix_5580_firmwarerockwellautomation:softlogix_5800rockwellautomation:softlogix_5800_firmware

Faiblesses (CWE)

CWE-829

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05(ics-cert@hq.dhs.gov)
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.