CVE-2022-1161

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1768-l43_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1768-l43:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1768-l45_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1768-l45:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l31_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l31:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l32c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l32c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l32e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l32e:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l35cr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l35cr:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_1769-l35e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_1769-l35e:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:rockwellautomation:controllogix_5550_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5550:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:rockwellautomation:controllogix_5560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5560:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:rockwellautomation:guardlogix_5560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5560:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:rockwellautomation:flexlogix_1794-l34_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:flexlogix_1794-l34:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:rockwellautomation:drivelogix_5730_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:drivelogix_5730:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:rockwellautomation:softlogix_5800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:softlogix_5800:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-04-11 20:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-1161

Mitre link : CVE-2022-1161

CVE.ORG link : CVE-2022-1161


JSON object : View

Products Affected

rockwellautomation

  • compactlogix_1768-l45
  • controllogix_5570
  • guardlogix_5570_firmware
  • flexlogix_1794-l34_firmware
  • compactlogix_1769-l35cr
  • compactlogix_1769-l32e_firmware
  • compactlogix_1769-l35e
  • compactlogix_5370_l3_firmware
  • controllogix_5550
  • compactlogix_1769-l35cr_firmware
  • compact_guardlogix_5370
  • compact_guardlogix_5380_firmware
  • guardlogix_5580
  • compactlogix_1768-l43_firmware
  • guardlogix_5560_firmware
  • controllogix_5580
  • guardlogix_5580_firmware
  • controllogix_5580_firmware
  • compactlogix_1769-l32c_firmware
  • compactlogix_5370_l3
  • compactlogix_1768-l45_firmware
  • compact_guardlogix_5380
  • controllogix_5570_firmware
  • compactlogix_1769-l32e
  • compactlogix_5370_l2
  • drivelogix_5730
  • flexlogix_1794-l34
  • softlogix_5800_firmware
  • compactlogix_1769-l35e_firmware
  • drivelogix_5730_firmware
  • compact_guardlogix_5370_firmware
  • compactlogix_1769-l31_firmware
  • compactlogix_5380
  • compactlogix_5380_firmware
  • compactlogix_1769-l31
  • compactlogix_5480
  • guardlogix_5570
  • guardlogix_5560
  • controllogix_5550_firmware
  • compactlogix_5370_l1_firmware
  • compactlogix_5370_l1
  • compactlogix_1768-l43
  • controllogix_5560
  • controllogix_5560_firmware
  • compactlogix_5370_l2_firmware
  • compactlogix_1769-l32c
  • compactlogix_5480_firmware
  • softlogix_5800
CWE
CWE-829

Inclusion of Functionality from Untrusted Control Sphere