Loading

PN1613 | Product Notice 1613: Logix Controllers Vulnerable to a Denial-of-Service Vulnerability

Severity:
High
Advisory ID:
PN1613
公開日:
January 25, 2023
最終更新日:
September 08, 2025
Revision Number:
1.2
Known Exploited Vulnerability (KEV):
いいえ
Corrected:
いいえ
Workaround:
いいえ
CVE IDs
CVE-2022-3157
概要
Product Notice 1613: Logix Controllers Vulnerable to a Denial-of-Service Vulnerability

 

Revision History
Revision Number
1.2
Revision History
Version 1.0 – December 15, 2022
Version 1.1 – January 17, 2022 – Updated risk mitigation section
Version 1.2 – January 25, 2023 – Updated risk mitigation section
Version 1.3 - September 8. 2025 - Updated for readability

Executive Summary

Rockwell Automation was made aware of a denial-of-service security issue that impacts several versions of our GuardLogix® and ControlLogix® controllers. Use of this security issue could  lead to a breakdown in availability of the controller and/or a major non-recoverable fault (MNRF).

Customers using affected software versions should use the mitigations in this disclosure. Additional details relating to the discovered security issue, including the products in scope, impact, and recommended countermeasures, are below. We have not received any notice of this security issue being used in Rockwell Automation products.

Affected Products

  • CompactLogix™ 5370
  • Compact GuardLogix 5370
  • ControlLogix 5570
  • ControlLogix 5570 redundancy
  • GuardLogix 5570

Security Issue Details

CVE-2022-3157 Controllers vulnerable to Denial-of-Service Condition
A security issue exists in the Rockwell Automation controllers. It allows a malformed CIP™ request to cause a  (MNRF) and a denial-of-service condition (DOS).

CVSS Base Score:  8.6/10 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Risk Mitigation & User Action

This security issue has been addressed in newer versions of the products. Customers should use risk mitigations below and combine them with QA43240 - Recommended Security Guidelines from Rockwell Automation to employ multiple strategies simultaneously.

Products Affected

First Known Version Affected

Corrected In

CompactLogix 5370
ControlLogix 5570
GuardLogix 5570
20.011
  • 33.013
  • 34.011 and later
Compact GuardLogix 5370 28.011
  • 33.013
  • 34.011 and later
ControlLogix 5570 Redundancy 20.054
  • 33.052
  • 34.051 and later

Reference

  • CVE-2022-3157

Glossary

Denial-of-Service: malicious attempt to overwhelm a web property with traffic in order to disrupt its normal operations

Major Nonrecoverable Fault (MNRF): an error that occurs in a system or device and prevents it from recovering or functioning properly

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left ロックウェル・オートメーションのホーム Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust & Security Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
を続行するには、クッキーの設定を更新してください.
この機能には、お客様の利便性を向上させるためにクッキーが必要です。これらのクッキーを許可するように設定を更新してください:
  • ソーシャルメディア・クッキー
  • 機能性クッキー
  • パフォーマンスクッキー
  • マーケティングクッキー
  • 全てのクッキー
いつでも設定を更新することができます。詳しくは{0}をご覧ください プライバシーポリシー
CloseClose