CVE-2022-3157

CVSS V2 None CVSS V3 None
Description
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
Overview
  • CVE ID
  • CVE-2022-3157
  • Assigner
  • PSIRT@rockwellautomation.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-16T21:15:08
  • Last Modified Date
  • 2022-12-22T19:18:56
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:rockwellautomation:compactlogix_5370_firmware:*:*:*:*:*:*:*:* 1 OR 20 33
cpe:2.3:h:rockwellautomation:compactlogix_5370:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:* 1 OR 28 33
cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:* 1 OR 28 33
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:* 1 OR 20 33
cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:controllogix_5570_redundancy_firmware:*:*:*:*:*:*:*:* 1 OR 20 33
cpe:2.3:h:rockwellautomation:controllogix_5570_redundancy:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:* 1 OR 20 33
cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:* 0 OR
History
Created Old Value New Value Data Type Notes
2022-12-18 09:31:56 Added to TrackCVE
2022-12-21 07:02:59 2022-12-16T21:15:08.797 2022-12-16T21:15:08 CVE Published Date updated
2022-12-21 07:03:00 2022-12-16T22:03:40 CVE Modified Date updated
2022-12-21 07:03:00 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-21 07:03:01 Weakness Enumeration new
2022-12-22 20:15:31 2022-12-22T19:18:56 CVE Modified Date updated
2022-12-22 20:15:31 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-22 20:15:36 Weakness Enumeration update
2022-12-22 20:15:39 CPE Information updated