Loading

PN1613 | Product Notice 1613: Logix Controllers Vulnerable to a Denial-of-Service Vulnerability

Severity:
High
Advisory ID:
PN1613
發佈日期:
January 25, 2023
最近更新:
September 08, 2025
Revision Number:
1.2
Known Exploited Vulnerability (KEV):
否
Corrected:
否
Workaround:
否
CVE IDs
CVE-2022-3157
摘要
Product Notice 1613: Logix Controllers Vulnerable to a Denial-of-Service Vulnerability

 

Revision History
Revision Number
1.2
Revision History
Version 1.0 – December 15, 2022
Version 1.1 – January 17, 2022 – Updated risk mitigation section
Version 1.2 – January 25, 2023 – Updated risk mitigation section
Version 1.3 - September 8. 2025 - Updated for readability

Executive Summary

Rockwell Automation was made aware of a denial-of-service security issue that impacts several versions of our GuardLogix® and ControlLogix® controllers. Use of this security issue could  lead to a breakdown in availability of the controller and/or a major non-recoverable fault (MNRF).

Customers using affected software versions should use the mitigations in this disclosure. Additional details relating to the discovered security issue, including the products in scope, impact, and recommended countermeasures, are below. We have not received any notice of this security issue being used in Rockwell Automation products.

Affected Products

  • CompactLogix™ 5370
  • Compact GuardLogix 5370
  • ControlLogix 5570
  • ControlLogix 5570 redundancy
  • GuardLogix 5570

Security Issue Details

CVE-2022-3157 Controllers vulnerable to Denial-of-Service Condition
A security issue exists in the Rockwell Automation controllers. It allows a malformed CIP™ request to cause a  (MNRF) and a denial-of-service condition (DOS).

CVSS Base Score:  8.6/10 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Risk Mitigation & User Action

This security issue has been addressed in newer versions of the products. Customers should use risk mitigations below and combine them with QA43240 - Recommended Security Guidelines from Rockwell Automation to employ multiple strategies simultaneously.

Products Affected

First Known Version Affected

Corrected In

CompactLogix 5370
ControlLogix 5570
GuardLogix 5570
20.011
  • 33.013
  • 34.011 and later
Compact GuardLogix 5370 28.011
  • 33.013
  • 34.011 and later
ControlLogix 5570 Redundancy 20.054
  • 33.052
  • 34.051 and later

Reference

  • CVE-2022-3157

Glossary

Denial-of-Service: malicious attempt to overwhelm a web property with traffic in order to disrupt its normal operations

Major Nonrecoverable Fault (MNRF): an error that occurs in a system or device and prevents it from recovering or functioning properly

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation 首頁 Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
請更新您的 cookie 設定以繼續.
此功能需要 cookie 來改善您的體驗。請更新您的設定以允許這些 cookie:
  • 社群媒體Cookie
  • 功能Cookie
  • 性能Cookie
  • 行銷Cookie
  • 全部Cookie
您可以隨時更新您的設定。想了解更多訊息,請參閱我們的 {0} 隱私政策
CloseClose