Rockwell Automation Studio 5000 Logix Designer Code Injection
CVE-2022-1159

7.7HIGH

Key Information:

Vendor: Rockwell Automation
Status: Studio 5000 Logix Designer
Vendor: CVE Published:; 1 April 2022

Summary

Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user.

Affected Version(s)

Studio 5000 Logix Designer All

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-07

x_refsource_CONFIRM

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 1, 2022
Vulnerability Reserved
Mar 29, 2022

Credit

Sharon Brizinov and Tal Keren of Claroty reported this vulnerability to Rockwell Automation.