CVE-2022-1159:
Rockwell Automation Studio 5000 Logix Designer (all versions) is vulnerable to code injection by an attacker who gains administrator access on a workstation running the software, enabling injection of controller code undetectable to users. The vulnerability has a CVSS v3.1 base score of 7.7 (HIGH) with local attack vector, high privileges required, user interaction, and a changed scope affecting confidentiality, integrity, and availability.
Score
A numerical rating that indicates how dangerous this vulnerability is.
7.2 High
- Published Date: Apr 1, 2022
- CISA KEV Date: *No Data*
- Industries Affected: 20
Threat Predictions
- EPSS Score: 0.0
- EPSS Percentile: 7%
Exploitability
- Score: 1.2
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: HIGH
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
Rockwell Automation Studio 5000 Logix Designer is susceptible to a local, high-privilege code injection vulnerability that allows an administrator on a workstation to inject controller code in a way that is difficult for users to detect. The issue affects all versions and carries a high impact across confidentiality, integrity, and availability, requiring user interaction and local access to exploit. The vendor indicates there is no direct in-app mitigation, but provides detection and upgrade-based strategies to reduce risk, including software and firmware updates and verification tools to ensure the controller program matches the downloaded version.
Remediation
- Upgrade to Studio 5000 software version 34 or later, and apply the corresponding firmware for Logix 5580, 5380, 5480, GuardLogix 5580, and Compact GuardLogix 5380 controllers as recommended by Rockwell Automation.
- Use the detection options described by Rockwell to verify that the controller program residing in the controller matches what was downloaded:
  - On-demand verification with the Logix Designer application Compare Tool v9 or later.
  - Scheduled verification with FactoryTalk AssetCentre v12 or later (available Fall 2022).
- Perform user program verification on an uncompromised workstation to reduce risk of manipulated tooling or software on that device.
- Implement defense-in-depth practices: restrict administrator access on engineering workstations, monitor for tampering, and apply general security hardening as per organizational practices.