CVE-2022-1161

ICSA-22-090-05 Rockwell Automation Logix Controllers

CVSS 10 CRITICALEPSS 4.9%CWE-829

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Productos afectados

Rockwell Automation · 1768 CompactLogix controllers Rockwell Automation · 1769 CompactLogix controllers Rockwell Automation · Compact GuardLogix 5370 controllers Rockwell Automation · Compact GuardLogix 5380 controllers Rockwell Automation · CompactLogix 5370 controllers Rockwell Automation · CompactLogix 5380 controllers Rockwell Automation · CompactLogix 5480 controllers Rockwell Automation · ControlLogix 5550 controllers Rockwell Automation · ControlLogix 5560 controllers Rockwell Automation · ControlLogix 5570 controllers Rockwell Automation · ControlLogix 5580 controllers Rockwell Automation · DriveLogix 5730 controllers Rockwell Automation · FlexLogix 1794-L34 controllers Rockwell Automation · GuardLogix 5560 controllers Rockwell Automation · GuardLogix 5570 controllers Rockwell Automation · GuardLogix 5580 controllers Rockwell Automation · SoftLogix 5800 controllers

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05