Vulnerabilities related to Rockwell Automation - Studio 5000 Logix Designer
CVE-2022-1159 (GCVE-0-2022-1159)
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2025-04-16 17:57
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
Rockwell Automation Studio 5000 Logix Designer (all versions) is vulnerable: an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code that is undetectable to a user.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Rockwell Automation | Studio 5000 Logix Designer |
Version: All |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:24.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-07" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-1159", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T17:30:26.084154Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T17:57:50.739Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Studio 5000 Logix Designer", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] } ], "credits": [ { "lang": "en", "value": "Sharon Brizinov and Tal Keren of Claroty reported this vulnerability to Rockwell Automation." } ], "descriptions": [ { "lang": "en", "value": "Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-01T22:17:51.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-07" } ], "source": { "advisory": "ICSA-22-090-07", "discovery": "UNKNOWN" }, "title": "Rockwell Automation Studio 5000 Logix Designer Code Injection", "workarounds": [ { "lang": "en", "value": "Rockwell Automation recommends users of the affected hardware and software take risk mitigation steps listed below. Users are encouraged, when possible, to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nThere is no direct mitigation for this vulnerability in the Logix Designer application. However, a detection method is available to determine if the user program residing in the controller is identical to what was downloaded. This user program verification can be done by the following:\n\nOn-demand using the Logix Designer application Compare Tool v9 or later\nScheduled using FactoryTalk AssetCentre v12 or later user program verification (Available Fall 2022)\nTo leverage these detection capabilities, users are directed to upgrade to:\n\nStudio 5000 v34 software. 
or later\nCorresponding versions of Logix 5580, 5380, 5480, GuardLogix 5580 and Compact GuardLogix 5380 controller firmware.\nOne of the following compare tools\nLogix Designer application Compare Tool v9 or later \u2013 installed with Studio 5000 Logix Designer\nFactoryTalk AssetCentre v12 or later software (Available Fall 2022)\n\nThis user program comparison must be performed on an uncompromised workstation." } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2022-1159", "STATE": "PUBLIC", "TITLE": "Rockwell Automation Studio 5000 Logix Designer Code Injection" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Studio 5000 Logix Designer", "version": { "version_data": [ { "version_affected": "=", "version_value": "All" } ] } } ] }, "vendor_name": "Rockwell Automation" } ] } }, "credit": [ { "lang": "eng", "value": "Sharon Brizinov and Tal Keren of Claroty reported this vulnerability to Rockwell Automation." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-07", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-07" } ] }, "source": { "advisory": "ICSA-22-090-07", "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "Rockwell Automation recommends users of the affected hardware and software take risk mitigation steps listed below. Users are encouraged, when possible, to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nThere is no direct mitigation for this vulnerability in the Logix Designer application. However, a detection method is available to determine if the user program residing in the controller is identical to what was downloaded. This user program verification can be done by the following:\n\nOn-demand using the Logix Designer application Compare Tool v9 or later\nScheduled using FactoryTalk AssetCentre v12 or later user program verification (Available Fall 2022)\nTo leverage these detection capabilities, users are directed to upgrade to:\n\nStudio 5000 v34 software. 
or later\nCorresponding versions of Logix 5580, 5380, 5480, GuardLogix 5580 and Compact GuardLogix 5380 controller firmware.\nOne of the following compare tools\nLogix Designer application Compare Tool v9 or later \u2013 installed with Studio 5000 Logix Designer\nFactoryTalk AssetCentre v12 or later software (Available Fall 2022)\n\nThis user program comparison must be performed on an uncompromised workstation." } ] } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-1159", "datePublished": "2022-04-01T22:17:51.000Z", "dateReserved": "2022-03-29T00:00:00.000Z", "dateUpdated": "2025-04-16T17:57:50.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }