1. Home
  2. CVE Database
  3. CVE-2022-1161
CRITICAL · 10.0

CVE-2022-1161

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable p...

Vulnerability Description

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
RockwellautomationCompactlogix 1768-L43 FirmwareAll versions
RockwellautomationCompactlogix 1768-L43-
RockwellautomationCompactlogix 1768-L45 FirmwareAll versions
RockwellautomationCompactlogix 1768-L45-
RockwellautomationCompactlogix 1769-L31 FirmwareAll versions
RockwellautomationCompactlogix 1769-L31-
RockwellautomationCompactlogix 1769-L32C FirmwareAll versions
RockwellautomationCompactlogix 1769-L32C-
RockwellautomationCompactlogix 1769-L32E FirmwareAll versions
RockwellautomationCompactlogix 1769-L32E-
RockwellautomationCompactlogix 1769-L35Cr FirmwareAll versions
RockwellautomationCompactlogix 1769-L35Cr-
RockwellautomationCompactlogix 1769-L35E FirmwareAll versions
RockwellautomationCompactlogix 1769-L35E-
RockwellautomationCompactlogix 5370 L3 FirmwareAll versions
RockwellautomationCompactlogix 5370 L3-
RockwellautomationCompactlogix 5370 L2 FirmwareAll versions
RockwellautomationCompactlogix 5370 L2-
RockwellautomationCompactlogix 5370 L1 FirmwareAll versions
RockwellautomationCompactlogix 5370 L1-

Related Weaknesses (CWE)

CWE-829

References

FAQ

What is CVE-2022-1161?

CVE-2022-1161 is a vulnerability with a CVSS score of 10.0 (CRITICAL). An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable p...

How severe is CVE-2022-1161?

CVE-2022-1161 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-1161?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Compactlogix 1768-L43 Firmware, Rockwellautomation Compactlogix 1768-L43, Rockwellautomation Compactlogix 1768-L45 Firmware, Rockwellautomation Compactlogix 1768-L45, Rockwellautomation Compactlogix 1769-L31 Firmware.