CVE-2022-3157

EUVD-2022-42581
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
RockwellCNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
rockwellautomationcompactlogix_5370_firmware
20 ≤
𝑥
≤ 33
rockwellautomationcompact_guardlogix_5370_firmware
28 ≤
𝑥
≤ 33
rockwellautomationcompact_guardlogix_5380_firmware
28 ≤
𝑥
≤ 33
rockwellautomationcontrollogix_5570_firmware
20 ≤
𝑥
≤ 33
rockwellautomationcontrollogix_5570_redundancy_firmware
20 ≤
𝑥
≤ 33
rockwellautomationguardlogix_5570_firmware
20 ≤
𝑥
≤ 33
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757