CVE-2022-1797

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.
References
Link Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559 Permissions Required Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01 Third Party Advisory US Government Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559 Permissions Required Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5370:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:41

Type Values Removed Values Added
CVSS v2 : 7.8
v3 : 8.6
v2 : 7.8
v3 : 6.8
References () https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559 - Permissions Required, Vendor Advisory () https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559 - Permissions Required, Vendor Advisory
References () https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01 - Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01 - Third Party Advisory, US Government Resource

Information

Published : 2022-06-02 14:15

Updated : 2024-11-21 06:41


NVD link : CVE-2022-1797

Mitre link : CVE-2022-1797

CVE.ORG link : CVE-2022-1797


JSON object : View

Products Affected

rockwellautomation

  • compactlogix_5480_firmware
  • controllogix_5580_firmware
  • compactlogix_5370_firmware
  • controllogix_5570_firmware
  • compactlogix_5380
  • compactlogix_5380_firmware
  • compactlogix_5370
  • compactlogix_5480
  • guardlogix_5580
  • controllogix_5570
  • guardlogix_5570
  • compact_guardlogix_5370_firmware
  • guardlogix_5580_firmware
  • compact_guardlogix_5370
  • controllogix_5580
  • guardlogix_5570_firmware
  • compact_guardlogix_5380
  • compact_guardlogix_5380_firmware
CWE
CWE-400

Uncontrolled Resource Consumption