Description
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Rockwell Automation / 1768 CompactLogix controllersAll all – All all
- Rockwell Automation / 1769 CompactLogix controllersall – all
- Rockwell Automation / Compact GuardLogix 5370 controllersall – all
- Rockwell Automation / Compact GuardLogix® 5380 controllersall – all
- Rockwell Automation / CompactLogix 5370 controllersall – all
- Rockwell Automation / CompactLogix 5380 controllersall – all
- Rockwell Automation / CompactLogix 5480 controllersall – all
- Rockwell Automation / ControlLogix 5550 controllersall – all
- Rockwell Automation / ControlLogix 5560 controllersall – all
- Rockwell Automation / ControlLogix 5570 controllersall – all
- Rockwell Automation / ControlLogix 5580 controllersall – all
- Rockwell Automation / DriveLogix 5730 controllersall – all
- Rockwell Automation / FlexLogix 1794-L34 controllersall – all
- Rockwell Automation / GuardLogix 5560 controllersall – all
- Rockwell Automation / GuardLogix 5570 controllersall – all
- Rockwell Automation / GuardLogix 5580 controllersall – all
- Rockwell Automation / SoftLogix 5800 controllersall – all
References
- VENDOR_ADVISORYhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05