CVE-2022-1159 - OpenCVE

Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Rockwellautomation	Controllogix 5580 Controllogix 5580 Firmware Guardlogix 5580 Compact Guardlogix 5380 Firmware Compactlogix 5480 Compactlogix 5380 Compact Guardlogix 5380 Compactlogix 5380 Firmware Guardlogix 5580 Firmware Compactlogix 5480 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-07	Mitigation Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2022-04-01T22:17:51

Updated: 2022-04-01T22:17:51

Reserved: 2022-03-29T00:00:00

Link: CVE-2022-1159

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-01T23:15:12.813

Modified: 2022-04-08T20:12:43.083

Link: CVE-2022-1159

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "Studio 5000 Logix Designer", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "All"}]}], "credits": [{"lang": "en", "value": "Sharon Brizinov and Tal Keren of Claroty reported this vulnerability to Rockwell Automation."}], "descriptions": [{"lang": "en", "value": "Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-01T22:17:51", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-07"}], "source": {"advisory": "ICSA-22-090-07", "discovery": "UNKNOWN"}, "title": "Rockwell Automation Studio 5000 Logix Designer Code Injection", "workarounds": [{"lang": "en", "value": "Rockwell Automation recommends users of the affected hardware and software take risk mitigation steps listed below. Users are encouraged, when possible, to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nThere is no direct mitigation for this vulnerability in the Logix Designer application. However, a detection method is available to determine if the user program residing in the controller is identical to what was downloaded. This user program verification can be done by the following:\n\nOn-demand using the Logix Designer application Compare Tool v9 or later\nScheduled using FactoryTalk AssetCentre v12 or later user program verification (Available Fall 2022)\nTo leverage these detection capabilities, users are directed to upgrade to:\n\nStudio 5000 v34 software. or later\nCorresponding versions of Logix 5580, 5380, 5480, GuardLogix 5580 and Compact GuardLogix 5380 controller firmware.\nOne of the following compare tools\nLogix Designer application Compare Tool v9 or later \u2013 installed with Studio 5000 Logix Designer\nFactoryTalk AssetCentre v12 or later software (Available Fall 2022)\n\nThis user program comparison must be performed on an uncompromised workstation."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2022-1159", "STATE": "PUBLIC", "TITLE": "Rockwell Automation Studio 5000 Logix Designer Code Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Studio 5000 Logix Designer", "version": {"version_data": [{"version_affected": "=", "version_value": "All"}]}}]}, "vendor_name": "Rockwell Automation"}]}}, "credit": [{"lang": "eng", "value": "Sharon Brizinov and Tal Keren of Claroty reported this vulnerability to Rockwell Automation."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-07", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-07"}]}, "source": {"advisory": "ICSA-22-090-07", "discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "Rockwell Automation recommends users of the affected hardware and software take risk mitigation steps listed below. Users are encouraged, when possible, to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nThere is no direct mitigation for this vulnerability in the Logix Designer application. However, a detection method is available to determine if the user program residing in the controller is identical to what was downloaded. This user program verification can be done by the following:\n\nOn-demand using the Logix Designer application Compare Tool v9 or later\nScheduled using FactoryTalk AssetCentre v12 or later user program verification (Available Fall 2022)\nTo leverage these detection capabilities, users are directed to upgrade to:\n\nStudio 5000 v34 software. or later\nCorresponding versions of Logix 5580, 5380, 5480, GuardLogix 5580 and Compact GuardLogix 5380 controller firmware.\nOne of the following compare tools\nLogix Designer application Compare Tool v9 or later \u2013 installed with Studio 5000 Logix Designer\nFactoryTalk AssetCentre v12 or later software (Available Fall 2022)\n\nThis user program comparison must be performed on an uncompromised workstation."}]}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-1159", "datePublished": "2022-04-01T22:17:51", "dateReserved": "2022-03-29T00:00:00", "dateUpdated": "2022-04-01T22:17:51", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1B751BB-5C55-46BD-A15D-CCCA9699FC5D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*", "matchCriteriaId": "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1829B090-7E73-4712-8235-F4C8D53D229F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*", "matchCriteriaId": "006B7683-9FDF-4748-BA28-2EA22613E092", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6164C08-2D51-4926-8724-DBB6F15AFF8E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDD040ED-B44C-47D0-B4D4-729C378C4F68", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB52219D-FA84-436A-9985-CC213FB0CA8E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*", "matchCriteriaId": "80F4F5BE-07DF-402A-BF98-34FBA6A11968", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F84096B0-5D14-408A-ACB6-E16B23D01DB5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*", "matchCriteriaId": "62414E65-73C7-4172-B7BF-F40A66AFBB90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user."}, {"lang": "es", "value": "Rockwell Automation Studio 5000 Logix Designer (todas las versiones) son vulnerables cuando un atacante que logra acceso de administrador en una estaci\u00f3n de trabajo que ejecuta Studio 5000 Logix Designer podr\u00eda inyectar c\u00f3digo de controlador no detectable para un usuario"}], "id": "CVE-2022-1159", "lastModified": "2022-04-08T20:12:43.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-04-01T23:15:12.813", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-07"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}