Severity:
High
Advisory ID:
PN1639
Published Date:
August 23, 2023
Last Updated:
August 23, 2023
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2022-1737
Summary
Select Distributed I/O Communication Modules vulnerable to a Denial-of-Service Vulnerability
Revision History
Revision Number
1.0
Revision History
Version 1.0 – August 23, 2023
Affected Products
| Affected Product | First Known in Firmware Version | Corrected in Firmware Version |
| 1734-AENT/1734-AENTR Series C | <=7.011 | 7.013 |
| 1734-AENT/1734-AENTR Series B | <=5.019 | 5.021 |
| 1738-AENT/ 1738-AENTR Series B | <=6.011 | 6.013 |
| 1794-AENTR Series A | <=2.011 | 2.012 |
| 1732E-16CFGM12QCWR Series A | <=3.011 | 3.012 |
| 1732E-12X4M12QCDR Series A | <=3.011 | 3.012 |
| 1732E-16CFGM12QCR Series A | <=3.011 | 3.012 |
| 1732E-16CFGM12P5QCR Series A | <=3.011 | 3.012 |
| 1732E-12X4M12P5QCDR Series A | <=3.011 | 3.012 |
| 1732E-16CFGM12P5QCWR Series B | <=3.011 | 3.012 |
| 1732E-IB16M12R Series B | <=3.011 | 3.012 |
| 1732E-OB16M12R Series B | <=3.011 | 3.012 |
| 1732E-16CFGM12R Series B | <=3.011 | 3.012 |
| 1732E-IB16M12DR Series B | <=3.011 | 3.012 |
| 1732E-OB16M12DR Series B | <=3.011 | 3.012 |
| 1732E-8X8M12DR Series B | <=3.011 | 3.012 |
| 1799ER-IQ10XOQ10 Series B | <=3.011 | 3.012 |
Vulnerability Details
This issue was reported to Rockwell Automation by the Cybersecurity and Infrastructure Security Agency. The affected devices utilize the Pyramid Solutions EtherNet/IP Adapter kit and are could potentially be affected by the vulnerability.
CVE-2022-1737 IMPACT
Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner may be vulnerable to an out-of-bounds write, which may allow an unauthorized threat actor to send a specially crafted packet that may result in a denial-of-service condition.
Known Exploited Vulnerability (KEV) database:
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
CVE-2022-1737 IMPACT
Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner may be vulnerable to an out-of-bounds write, which may allow an unauthorized threat actor to send a specially crafted packet that may result in a denial-of-service condition.
CVSS Base Score: 8.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE: CWE-787 Out-of-Bounds WriteKnown Exploited Vulnerability (KEV) database:
NoCustomers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
Risk Mitigation & User Action
Customers using the affected software are encouraged to apply the risk mitigations below, if possible. Additionally, we encourage our customers to implement our suggested security best practices to minimize the risk of vulnerability.
- Customers should upgrade to the corrected firmware to mitigate the issues.
- QA43240 - Recommended Security Guidelines from Rockwell Automation
Additional Resources
Copyright ©2022 Rockwell Automation, Inc.