Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack
CVE-2022-3752

8.6HIGH

Key Information:

Vendor: Rockwell Automation
Status: Compactlogix 5480; Controllogix 5580; Guardlogix 5580; Compact Guardlogix 5380
Vendor: CVE Published:; 19 December 2022

Summary

An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.

Affected Version(s)

Compact GuardLogix 5380 31.011 and later

CompactLogix 5380 31.011 and later

CompactLogix 5480 32.011 and later

References

https://rockwellautomation.custhelp.com/app/answers/answe...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 19, 2022
Vulnerability Reserved
Oct 28, 2022