8.6
CVE-2022-3157
- EPSS 0.51%
- Veröffentlicht 16.12.2022 21:15:08
- Zuletzt bearbeitet 21.11.2024 07:18:56
- Quelle PSIRT@rockwellautomation.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rockwellautomation ≫ Compactlogix 5370 Firmware Version >= 20 <= 33
Rockwellautomation ≫ Compact Guardlogix 5370 Firmware Version >= 28 <= 33
Rockwellautomation ≫ Compact Guardlogix 5380 Firmware Version >= 28 <= 33
Rockwellautomation ≫ Controllogix 5570 Firmware Version >= 20 <= 33
Rockwellautomation ≫ Controllogix 5570 Redundancy Firmware Version >= 20 <= 33
Rockwellautomation ≫ Guardlogix 5570 Firmware Version >= 20 <= 33
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.653 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| PSIRT@rockwellautomation.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.