8.6
CVE-2022-3157
- EPSS 0.51%
- Published 16.12.2022 21:15:08
- Last modified 21.11.2024 07:18:56
- Source PSIRT@rockwellautomation.com
- Teams watchlist Login
- Open Login
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
Data is provided by the National Vulnerability Database (NVD)
Rockwellautomation ≫ Compactlogix 5370 Firmware Version >= 20 <= 33
Rockwellautomation ≫ Compact Guardlogix 5370 Firmware Version >= 28 <= 33
Rockwellautomation ≫ Compact Guardlogix 5380 Firmware Version >= 28 <= 33
Rockwellautomation ≫ Controllogix 5570 Firmware Version >= 20 <= 33
Rockwellautomation ≫ Controllogix 5570 Redundancy Firmware Version >= 20 <= 33
Rockwellautomation ≫ Guardlogix 5570 Firmware Version >= 20 <= 33
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.653 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| PSIRT@rockwellautomation.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.