Vulnerability in Rockwell Automation 1768 Compactlogix Controllers
CVE-2022-1161
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than…
EPSS: 0.050 (91.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Rockwell Automation 1768 Compactlogix Controllers — versions All all
- Rockwell Automation 1769 Compactlogix Controllers — versions all
- Rockwell Automation Compact Guardlogix 5370 Controllers — versions all
- Rockwell Automation Compact Guardlogix 5380 Controllers — versions all
- Rockwell Automation Compactlogix 5370 Controllers — versions all
- Rockwell Automation Compactlogix 5380 Controllers — versions all
- Rockwell Automation Compactlogix 5480 Controllers — versions all
- Rockwell Automation Controllogix 5550 Controllers — versions all
- Rockwell Automation Controllogix 5560 Controllers — versions all
- Rockwell Automation Controllogix 5570 Controllers — versions all
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-1161?
- CVE-2022-1161 is a critical-severity vulnerability in Rockwell Automation 1768 Compactlogix Controllers, classified under Inclusion of Functionality from Untrusted Control Sphere. CVSS score: 10.0/10. Published 2022-04-11.
- How severe is CVE-2022-1161?
- Critical severity. CVSS v3 base score is 10.0 out of 10.