CVE-2022-3157

Published Dec 16, 2022

Last updated a year ago

CVSS high 7.5

Overview

Description: A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
Source: PSIRT@rockwellautomation.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
PSIRT@rockwellautomation.com: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E12ADAE3-97B1-48BC-BE69-ED75667C1886"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EFE566E-F923-4357-9A81-CF80C9781460",
            "versionEndIncluding": "33",
            "versionStartIncluding": "20"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6F951670-AF4D-4429-8BC1-79BDEF83B2C3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F56AE05D-6230-4540-B57D-F04ADC4AF81E",
            "versionEndIncluding": "33",
            "versionStartIncluding": "28"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "62414E65-73C7-4172-B7BF-F40A66AFBB90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FFA0CB3-AAF6-4E96-B341-EA9EC76FB1EB",
            "versionEndIncluding": "33",
            "versionStartIncluding": "28"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "482E2CD6-D484-486C-92F4-18432D107E30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E926CC52-8EBD-4B0B-86EF-0815028D5422",
            "versionEndIncluding": "33",
            "versionStartIncluding": "20"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:controllogix_5570_redundancy:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EF7B47C6-086E-45B2-A434-494379C4A0CC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_redundancy_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD1093B1-FA26-4EC5-8B47-34162E2F1645",
            "versionEndIncluding": "33",
            "versionStartIncluding": "20"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "321AE938-192A-4342-8608-ADC81F0B6582"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "297151D4-F4AE-4D52-B1BD-82BF13DD4228",
            "versionEndIncluding": "33",
            "versionStartIncluding": "20"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References