Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
25 Apr 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
First Time |
Rockwellautomation factorytalk Services Platform
|
|
CPE | cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:* |
12 Apr 2022, 16:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Rockwellautomation rslogix 5000
|
|
CPE | cpe:2.3:a:rockwellautomation:rslogix_5000:*:*:*:*:*:*:*:* |
11 Mar 2021, 19:44
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:controllogix_5550:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:controllogix_5560:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:drivelogix_5730:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:compactlogix_5370:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:compactlogix_1769:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:drivelogix_5560:-:*:*:*:*:*:*:* cpe:2.3:a:rockwellautomation:rslogix_500:*:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:compactlogix_1768:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:drivelogix_1794-l34:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:softlogix_5800:-:*:*:*:*:*:*:* cpe:2.3:a:rockwellautomation:studio_5000_logix_designer:*:*:*:*:*:*:*:* |
|
CWE | CWE-522 |
03 Mar 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-03 18:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-22681
Mitre link : CVE-2021-22681
CVE.ORG link : CVE-2021-22681
JSON object : View
Products Affected
rockwellautomation
- controllogix_5580
- controllogix_5560
- drivelogix_5560
- controllogix_5550
- compact_guardlogix_5370
- drivelogix_5730
- compactlogix_1768
- factorytalk_services_platform
- guardlogix_5570
- compact_guardlogix_5380
- compactlogix_1769
- guardlogix_5580
- compactlogix_5380
- studio_5000_logix_designer
- compactlogix_5370
- controllogix_5570
- drivelogix_1794-l34
- softlogix_5800
- rslogix_5000
- compactlogix_5480
CWE
CWE-522
Insufficiently Protected Credentials