Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ghsa-5w24-2pmc-xhp3
Vulnerability from github
Published
2022-06-03 00:01
Modified
2022-06-12 00:00
Severity ?
VLAI Severity ?
Details
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.
{
"affected": [],
"aliases": [
"CVE-2022-1797"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:15:00Z",
"severity": "HIGH"
},
"details": "A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.",
"id": "GHSA-5w24-2pmc-xhp3",
"modified": "2022-06-12T00:00:47Z",
"published": "2022-06-03T00:01:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1797"
},
{
"type": "WEB",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2022-1797 (GCVE-0-2022-1797)
Vulnerability from cvelistv5
Published
2022-05-31 19:04
Modified
2025-04-16 16:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Rockwell Automation | CompactLogix 5380 controllers |
Version: unspecified < |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:51:38.108033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:17:49.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CompactLogix 5380 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "32.013",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Compact GuardLogix 5380 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "32.013",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CompactLogix 5480 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "32.013",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ControlLogix 5580 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "32.013",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "GuardLogix 5580 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "32.013",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CompactLogix 5370 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33.013",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Compact GuardLogix 5370 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33.013",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "ControlLogix 5570 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33.013",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "GuardLogix 5570 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "33.013"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rockwell Automation discovered this vulnerability during routine security testing and reported it to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T19:04:44.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
}
],
"solutions": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to the latest firmware version to mitigate this vulnerability. Users are directed towards the risk mitigation provided below and are encouraged (where possible) to combine these with the general security guidelines below to employ multiple strategies simultaneously. Users should go to Rockwell Automation\u0027s Product Compatibility \u0026 Download Center to download the latest firmware.\n\nCompactLogix 5380, Compact GuardLogix 5380, CompactLogix 5480, ControlLogix 5580, GuardLogix 5580: Upgrade to v33.011 firmware\nCompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, GuardLogix 5570: Upgrade to v34.011 firmware\n\nPlease see Rockwell Automation\u2019s security advisory PN1596 for more information.\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Rockwell Automation Logix Controllers Uncontrolled Resource Consumption",
"workarounds": [
{
"lang": "en",
"value": "If upgrading is not possible, Rockwell Automation recommends the following mitigations:\nUse of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with products from Rockwell Automation is available in Knowledgebase article QA17329.\nConfirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\n\nPlease see Rockwell Automation\u2019s security advisory PN1596 for more information.\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-1797",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation Logix Controllers Uncontrolled Resource Consumption"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CompactLogix 5380 controllers",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "32.013"
}
]
}
},
{
"product_name": "Compact GuardLogix 5380 controllers",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": " 32.013"
}
]
}
},
{
"product_name": "CompactLogix 5480 controllers",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "32.013"
}
]
}
},
{
"product_name": "ControlLogix 5580 controllers",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "32.013"
}
]
}
},
{
"product_name": "GuardLogix 5580 controllers",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "32.013"
}
]
}
},
{
"product_name": "CompactLogix 5370 controllers",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "33.013"
}
]
}
},
{
"product_name": "Compact GuardLogix 5370 controllers",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "33.013"
}
]
}
},
{
"product_name": "ControlLogix 5570 controllers",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "33.013"
}
]
}
},
{
"product_name": "GuardLogix 5570 controllers",
"version": {
"version_data": [
{
"version_value": "33.013"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rockwell Automation discovered this vulnerability during routine security testing and reported it to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
}
]
},
"solution": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to the latest firmware version to mitigate this vulnerability. Users are directed towards the risk mitigation provided below and are encouraged (where possible) to combine these with the general security guidelines below to employ multiple strategies simultaneously. Users should go to Rockwell Automation\u0027s Product Compatibility \u0026 Download Center to download the latest firmware.\n\nCompactLogix 5380, Compact GuardLogix 5380, CompactLogix 5480, ControlLogix 5580, GuardLogix 5580: Upgrade to v33.011 firmware\nCompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, GuardLogix 5570: Upgrade to v34.011 firmware\n\nPlease see Rockwell Automation\u2019s security advisory PN1596 for more information.\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "If upgrading is not possible, Rockwell Automation recommends the following mitigations:\nUse of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with products from Rockwell Automation is available in Knowledgebase article QA17329.\nConfirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\n\nPlease see Rockwell Automation\u2019s security advisory PN1596 for more information.\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-1797",
"datePublished": "2022-05-31T19:04:44.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:17:49.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…