Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-3752

Опубликовано: 19 дек. 2022
Источник: nvd
CVSS3: 8.6
CVSS3: 7.5
EPSS Низкий

Описание

An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*
Версия от 32.011 (включая)
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:rockwellautomation:compactlogix_5580_firmware:*:*:*:*:*:*:*:*
Версия от 31.011 (включая)
cpe:2.3:h:rockwellautomation:compactlogix_5580:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*
Версия от 32.011 (включая)
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*
Версия от 31.011 (включая)
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*
Версия от 31.011 (включая)
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*

EPSS

Процентиль: 81%
0.01501
Низкий

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-20
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-q432-7rqq-8cfj

CVSS3: 7.5
github
около 3 лет назад

An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic load to cause a denial-of-service condition resulting in a denial-of-service condition. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.

EPSS

Процентиль: 81%
0.01501
Низкий

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-20
NVD-CWE-noinfo