Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-07 | Mitigation Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Information
Published : 2022-04-01 16:15
Updated : 2022-04-08 13:12
NVD link : CVE-2022-1159
Mitre link : CVE-2022-1159
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
rockwellautomation
- compactlogix_5480
- guardlogix_5580_firmware
- compact_guardlogix_5380_firmware
- guardlogix_5580
- compact_guardlogix_5380
- controllogix_5580_firmware
- controllogix_5580
- compactlogix_5380
- compactlogix_5380_firmware
- compactlogix_5480_firmware