Cyber Resilience

CVE-2022-1161

Critical

Published: 11 April 2022

Modified: 21 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0011 (29.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-1161 is a critical-severity Inclusion of Functionality from Untrusted Control Sphere (CWE-829) vulnerability in Rockwell Automation CompactLogix 1768-L43 firmware. Its CVSS base score is 10.0 (Critical).

Operationally, it ranks at the 29.6th percentile for exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

Vulnerability details

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
rockwellautomation | compactlogix 1768-l43 firmware | all versions
rockwellautomation | compactlogix 1768-l45 firmware | all versions
rockwellautomation | compactlogix 1769-l31 firmware | all versions
rockwellautomation | compactlogix 1769-l32c firmware | all versions
rockwellautomation | compactlogix 1769-l32e firmware | all versions
rockwellautomation | compactlogix 1769-l35cr firmware | all versions
rockwellautomation | compactlogix 1769-l35e firmware | all versions
rockwellautomation | compactlogix 5370 l3 firmware | all versions
rockwellautomation | compactlogix 5370 l2 firmware | all versions
rockwellautomation | compactlogix 5370 l1 firmware | all versions
+14 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-829

Limiting P2P file sharing technology reduces inclusion of functionality or resources from untrusted external control spheres.

addresses: CWE-829

Enforcing installation policies prevents users from including functionality obtained from untrusted control spheres.

addresses: CWE-829

The inventory process requires identifying and recording the origin of all components, making inclusion of functionality from untrusted control spheres easier to detect during reviews.

addresses: CWE-829

Requiring approval and monitoring of maintenance tools prevents inclusion and execution of functionality obtained from untrusted sources.

addresses: CWE-829

Unowned portable devices represent untrusted control spheres; the prohibition prevents inclusion of functionality or data from such sources.

addresses: CWE-829

Strategy mandates assessment of third-party components and suppliers, directly reducing inclusion of functionality from untrusted control spheres.

addresses: CWE-829

Procedures can mandate supply-chain vetting and restrictions on functionality obtained from untrusted third-party or external control spheres.

addresses: CWE-829

Requires use of trusted sources and provenance tracking, tangibly limiting inclusion of functionality from untrusted control spheres.
