Remote code execution in Rockwell Automation Logix Controllers
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-1161 |
| CWE-ID | CWE-829 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
1768 CompactLogix Hardware solutions / Firmware 1769 CompactLogix Hardware solutions / Firmware CompactLogix 5370 Hardware solutions / Firmware CompactLogix 5380 Hardware solutions / Firmware CompactLogix 5480 Hardware solutions / Firmware Compact GuardLogix 5370 Hardware solutions / Firmware Compact GuardLogix 5380 Hardware solutions / Firmware ControlLogix 5550 Hardware solutions / Firmware ControlLogix 5560 Hardware solutions / Firmware ControlLogix 5570 Hardware solutions / Firmware ControlLogix 5580 Hardware solutions / Firmware GuardLogix 5560 Hardware solutions / Firmware GuardLogix 5570 Hardware solutions / Firmware GuardLogix 5580 Hardware solutions / Firmware FlexLogix 1794-L34 Hardware solutions / Firmware DriveLogix 5730 Hardware solutions / Firmware SoftLogix 5800 Hardware solutions / Firmware |
| Vendor | Rockwell Automation |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Inclusion of Functionality from Untrusted Control Sphere
EUVDB-ID: #VU61791
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2022-1161
CWE-ID:
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to inclusion of functionality from untrusted control sphere. A remote attacker with the ability to modify a user program can change user program code on some control systems and execute arbitrary code on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions1768 CompactLogix: All versions
1769 CompactLogix: All versions
CompactLogix 5370: All versions
CompactLogix 5380: All versions
CompactLogix 5480: All versions
Compact GuardLogix 5370: All versions
Compact GuardLogix 5380: All versions
ControlLogix 5550: All versions
ControlLogix 5560: All versions
ControlLogix 5570: All versions
ControlLogix 5580: All versions
GuardLogix 5560: All versions
GuardLogix 5570: All versions
GuardLogix 5580: All versions
FlexLogix 1794-L34: All versions
DriveLogix 5730: All versions
SoftLogix 5800: All versions
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-22-090-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
