CVE-2022-1797

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
icscertCNA
6.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
rockwellautomationcompactlogix_5380_firmware
𝑥
< 33.011
rockwellautomationcompact_guardlogix_5380_firmware
𝑥
< 33.011
rockwellautomationcompactlogix_5480_firmware
𝑥
< 33.011
rockwellautomationcontrollogix_5580_firmware
𝑥
< 33.011
rockwellautomationguardlogix_5580_firmware
𝑥
< 33.011
rockwellautomationcompactlogix_5370_firmware
𝑥
< 34.011
rockwellautomationcompact_guardlogix_5370_firmware
𝑥
< 34.011
rockwellautomationcontrollogix_5570_firmware
𝑥
< 34.011
rockwellautomationguardlogix_5570_firmware
𝑥
< 34.011
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559
https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1135559
https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-01