#VU61791 Inclusion of Functionality from Untrusted Control Sphere in Rockwell Automation Hardware solutions


Published: 2022-04-01

Vulnerability identifier: #VU61791

Vulnerability risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-1161

CWE-ID: CWE-829

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
1768 CompactLogix (Hardware solutions / Firmware)
1769 CompactLogix (Hardware solutions / Firmware)
CompactLogix 5370 (Hardware solutions / Firmware)
CompactLogix 5380 (Hardware solutions / Firmware)
CompactLogix 5480 (Hardware solutions / Firmware)
Compact GuardLogix 5370 (Hardware solutions / Firmware)
Compact GuardLogix 5380 (Hardware solutions / Firmware)
ControlLogix 5550 (Hardware solutions / Firmware)
ControlLogix 5560 (Hardware solutions / Firmware)
ControlLogix 5570 (Hardware solutions / Firmware)
ControlLogix 5580 (Hardware solutions / Firmware)
GuardLogix 5560 (Hardware solutions / Firmware)
GuardLogix 5570 (Hardware solutions / Firmware)
GuardLogix 5580 (Hardware solutions / Firmware)
FlexLogix 1794-L34 (Hardware solutions / Firmware)
DriveLogix 5730 (Hardware solutions / Firmware)
SoftLogix 5800 (Hardware solutions / Firmware)

Vendor: Rockwell Automation

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to the inclusion of functionality from an untrusted control sphere. A remote attacker with the ability to modify a user program can change user program code on some control systems and execute arbitrary code on the target system.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

1768 CompactLogix: All versions

1769 CompactLogix: All versions

CompactLogix 5370: All versions

CompactLogix 5380: All versions

CompactLogix 5480: All versions

Compact GuardLogix 5370: All versions

Compact GuardLogix 5380: All versions

ControlLogix 5550: All versions

ControlLogix 5560: All versions

ControlLogix 5570: All versions

ControlLogix 5580: All versions

GuardLogix 5560: All versions

GuardLogix 5570: All versions

GuardLogix 5580: All versions

FlexLogix 1794-L34: All versions

DriveLogix 5730: All versions

SoftLogix 5800: All versions


External links
http://ics-cert.us-cert.gov/advisories/icsa-22-090-05


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

