Denial of service in Rockwell Automation GuardLogix and ControlLogix controllers

1) Input validation error

EUVDB-ID: #VU70642

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3157

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted CIP request and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CompactLogix 5370: 20 - 33

Compact GuardLogix 5370: 28 - 33

ControlLogix 5570: 20 - 33

ControlLogix 5570 redundancy: 20 - 33

GuardLogix 5570: 20 - 33

CPE2.3

• cpe:2.3:h:rockwell_automation:compactlogix_5370:*:*:*:*:*:*:*:
• cpe:2.3:h:rockwell_automation:compactlogix_5370:20:*:*:*:*:*:*:
• cpe:2.3:h:rockwell_automation:compactlogix_5370:33:*:*:*:*:*:*:
• cpe:2.3:h:rockwell_automation:compact_guardlogix_5370:*:*:*:*:*:*:*:
• cpe:2.3:h:rockwell_automation:compact_guardlogix_5370:28:*:*:*:*:*:*:
• cpe:2.3:h:rockwell_automation:compact_guardlogix_5370:33:*:*:*:*:*:*:
• cpe:2.3:h:rockwell_automation:controllogix_5570:*:*:*:*:*:*:*:
• cpe:2.3:h:rockwell_automation:controllogix_5570:20:*:*:*:*:*:*:
• cpe:2.3:h:rockwell_automation:controllogix_5570:33:*:*:*:*:*:*:
• cpe:2.3:h:rockwell_automation:controllogix5570_redundancy:*:*:*:*:*:*:*:
• cpe:2.3:h:rockwell_automation:guardlogix_5570:*:*:*:*:*:*:*:

External links

http://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.