CVE-2022-1161

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-1161
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1768-l43_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1768-l43:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1768-l45_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1768-l45:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l31_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l31:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l32c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l32c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l32e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l32e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l35cr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l35cr:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l35e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l35e:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:rockwellautomation:controllogix_5550_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5550:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:rockwellautomation:controllogix_5560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5560:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:rockwellautomation:guardlogix_5560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5560:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:rockwellautomation:flexlogix_1794-l34_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:flexlogix_1794-l34:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:rockwellautomation:drivelogix_5730_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:drivelogix_5730:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:rockwellautomation:softlogix_5800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:softlogix_5800:-:*:*:*:*:*:*:*
History

18 Apr 2022, 14:23

Type Values Removed Values Added
First Time Rockwellautomation compactlogix 5370 L3
Rockwellautomation flexlogix 1794-l34 Firmware
Rockwellautomation compactlogix 1769-l35e
Rockwellautomation compactlogix 1768-l43 Firmware
Rockwellautomation flexlogix 1794-l34
Rockwellautomation compactlogix 5370 L1
Rockwellautomation compactlogix 1768-l45 Firmware
Rockwellautomation drivelogix 5730
Rockwellautomation compactlogix 5370 L2 Firmware
Rockwellautomation compactlogix 1769-l35cr Firmware
Rockwellautomation compactlogix 5480 Firmware
Rockwellautomation guardlogix 5560
Rockwellautomation compactlogix 1769-l32e
Rockwellautomation guardlogix 5570
Rockwellautomation controllogix 5550 Firmware
Rockwellautomation guardlogix 5560 Firmware
Rockwellautomation compactlogix 5480
Rockwellautomation compactlogix 1769-l35e Firmware
Rockwellautomation softlogix 5800
Rockwellautomation compact Guardlogix 5370
Rockwellautomation controllogix 5580
Rockwellautomation controllogix 5550
Rockwellautomation compactlogix 5370 L3 Firmware
Rockwellautomation compactlogix 1768-l45
Rockwellautomation controllogix 5580 Firmware
Rockwellautomation controllogix 5570
Rockwellautomation compactlogix 1769-l31
Rockwellautomation
Rockwellautomation compactlogix 1769-l35cr
Rockwellautomation guardlogix 5580
Rockwellautomation compactlogix 5370 L1 Firmware
Rockwellautomation compactlogix 1769-l32c Firmware
Rockwellautomation compact Guardlogix 5380
Rockwellautomation compact Guardlogix 5380 Firmware
Rockwellautomation compactlogix 5380 Firmware
Rockwellautomation softlogix 5800 Firmware
Rockwellautomation compactlogix 1769-l31 Firmware
Rockwellautomation guardlogix 5570 Firmware
Rockwellautomation controllogix 5570 Firmware
Rockwellautomation compactlogix 5380
Rockwellautomation compactlogix 1769-l32e Firmware
Rockwellautomation compactlogix 5370 L2
Rockwellautomation drivelogix 5730 Firmware
Rockwellautomation controllogix 5560 Firmware
Rockwellautomation compactlogix 1769-l32c
Rockwellautomation compact Guardlogix 5370 Firmware
Rockwellautomation guardlogix 5580 Firmware
Rockwellautomation controllogix 5560
Rockwellautomation compactlogix 1768-l43
CPE cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l31:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5550:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l35cr:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l32e:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:drivelogix_5730_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1768-l45:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5560:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:softlogix_5800:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:flexlogix_1794-l34_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:drivelogix_5730:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_1769-l31_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l35e:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_1769-l32e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_1769-l32c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_1769-l35e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_1768-l45_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:softlogix_5800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:flexlogix_1794-l34:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_1769-l35cr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5560:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l32c:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5550_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1768-l43:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_1768-l43_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 7.5
v3 : 9.8
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05 - Third Party Advisory, US Government Resource

11 Apr 2022, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-04-11 20:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-1161

Mitre link : CVE-2022-1161

CVE.ORG link : CVE-2022-1161

JSON object : View

Products Affected

rockwellautomation

  • compactlogix_1769-l32e_firmware
  • controllogix_5560_firmware
  • guardlogix_5580_firmware
  • compactlogix_1769-l35e
  • compactlogix_5370_l3
  • compactlogix_5370_l2
  • compact_guardlogix_5370_firmware
  • guardlogix_5560
  • guardlogix_5570_firmware
  • compactlogix_1769-l35cr
  • compactlogix_1769-l32c_firmware
  • guardlogix_5560_firmware
  • compactlogix_1769-l31_firmware
  • controllogix_5550_firmware
  • compactlogix_1768-l43
  • compactlogix_5370_l3_firmware
  • compactlogix_1769-l32c
  • compactlogix_5480_firmware
  • compactlogix_1768-l43_firmware
  • compactlogix_5380
  • controllogix_5580_firmware
  • flexlogix_1794-l34
  • drivelogix_5730_firmware
  • drivelogix_5730
  • compactlogix_1768-l45
  • compactlogix_1769-l31
  • softlogix_5800_firmware
  • compactlogix_1768-l45_firmware
  • compactlogix_5370_l1
  • controllogix_5570_firmware
  • softlogix_5800
  • compactlogix_1769-l32e
  • compactlogix_5380_firmware
  • guardlogix_5580
  • controllogix_5570
  • controllogix_5560
  • compactlogix_5370_l2_firmware
  • compactlogix_5370_l1_firmware
  • compact_guardlogix_5370
  • compactlogix_5480
  • compactlogix_1769-l35cr_firmware
  • compact_guardlogix_5380
  • controllogix_5550
  • controllogix_5580
  • guardlogix_5570
  • flexlogix_1794-l34_firmware
  • compact_guardlogix_5380_firmware
  • compactlogix_1769-l35e_firmware
CWE
CWE-829

Inclusion of Functionality from Untrusted Control Sphere