CVE-2022-3752

An unauthorized user could use a specially crafted sequence of EtherNet/IP messages, combined with heavy traffic loading, to cause a denial-of-service condition in Rockwell Automation Logix controllers, resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.


| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 8.6 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
| Rockwell | CNA | 8.6 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | --- | | | | --- |

EPSS Score percentile: 56%

| Vendor | Product | Version |
|---|---|---|
| rockwellautomation | compactlogix_5480_firmware | 32.011 ≤ 𝑥 |
| rockwellautomation | compactlogix_5580_firmware | 31.011 ≤ 𝑥 |
| rockwellautomation | guardlogix_5580_firmware | 32.011 ≤ 𝑥 |
| rockwellautomation | compact_guardlogix_5380_firmware | 31.011 ≤ 𝑥 |
| rockwellautomation | compactlogix_5380_firmware | 31.011 ≤ 𝑥 |

𝑥 = Vulnerable software versions