CVE-2022-1161

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
icscertCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
rockwellautomationcompactlogix_1768-l43_firmware
*
rockwellautomationcompactlogix_1768-l45_firmware
*
rockwellautomationcompactlogix_1769-l31_firmware
*
rockwellautomationcompactlogix_1769-l32c_firmware
*
rockwellautomationcompactlogix_1769-l32e_firmware
*
rockwellautomationcompactlogix_1769-l35cr_firmware
*
rockwellautomationcompactlogix_1769-l35e_firmware
*
rockwellautomationcompactlogix_5370_l3_firmware
*
rockwellautomationcompactlogix_5370_l2_firmware
*
rockwellautomationcompactlogix_5370_l1_firmware
*
rockwellautomationcompactlogix_5380_firmware
*
rockwellautomationcompactlogix_5480_firmware
*
rockwellautomationcompact_guardlogix_5370_firmware
*
rockwellautomationcompact_guardlogix_5380_firmware
*
rockwellautomationcontrollogix_5550_firmware
*
rockwellautomationcontrollogix_5560_firmware
*
rockwellautomationcontrollogix_5570_firmware
*
rockwellautomationcontrollogix_5580_firmware
*
rockwellautomationguardlogix_5560_firmware
*
rockwellautomationguardlogix_5570_firmware
*
rockwellautomationguardlogix_5580_firmware
*
rockwellautomationflexlogix_1794-l34_firmware
*
rockwellautomationdrivelogix_5730_firmware
*
rockwellautomationsoftlogix_5800_firmware
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05