PT-2022-2065 · Rockwell Automation · Softlogix+6
Credit: Sharon Brizinov +1
Published: 2022-03-31 · Updated: 2024-07-16
CVE-2022-1161 · CVSS v3.1: 10.0 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rockwell Automation ControlLogix, CompactLogix, and GuardLogix Control systems (affected versions not specified)
Rockwell Automation FlexLogix, DriveLogix, and SoftLogix (affected versions not specified)
Description
An attacker with the ability to modify a user program can change the code that certain Logix control systems actually execute without the change being visible in the engineering software. Studio 5000 Logix Designer stores the human-readable program (the source an engineer sees when opening or uploading the project) in a different location from the compiled bytecode the controller runs, and the two are not bound to each other, so an attacker can rewrite one without affecting the other. By replacing only the executed bytecode and leaving the readable program intact, the attacker gets arbitrary code running on the controller while a review of the project still shows the original, benign logic. The underlying weakness is code injection from an untrusted management (engineering) environment; the CVSS vector (AV:N, PR:N, UI:N) reflects that a remote attacker who can reach the controller's program download path needs no privileges or user interaction to exploit it.
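The following is an added illustration written for this page, not Rockwell's code or Studio 5000's file formats: it models the storage split the description above relies on (a readable source slot and a separately stored bytecode slot on the controller) with a made-up rule language, shows the attacker rewriting only the executed slot so the source still reads as benign, and shows the check a practitioner actually needs, which is to recompile from the readable source and compare it with the installed bytecode rather than trusting the source view. The rule language, the `Controller` class, the tag names and the input values are all constructed assumptions.

```python
"""Toy model of the storage split behind CVE-2022-1161: readable program
source and executable bytecode live in separate slots, so a tampered bytecode
slot is invisible to anyone reading the source.  Constructed for this page;
the rule language, bytecode and Controller are made up and are NOT Rockwell's
Studio 5000 / Logix formats or code."""
import hashlib

class _Compiler:
    """Recursive descent over tokens of 'A AND (B OR NOT C)' into stack ops.
    expr := term (OR term)* ; term := factor (AND factor)* ;
    factor := NOT factor | '(' expr ')' | TAG"""
    def __init__(self, expr):
        self.toks = expr.replace("(", " ( ").replace(")", " ) ").split()
        self.i, self.code = 0, []
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self):
        self.i += 1
        return self.toks[self.i - 1]
    def expr(self):
        self.term()
        while self.peek() == "OR":
            self.take(); self.term(); self.code.append(("OR",))
    def term(self):
        self.factor()
        while self.peek() == "AND":
            self.take(); self.factor(); self.code.append(("AND",))
    def factor(self):
        tok = self.take()
        if tok == "NOT":
            self.factor(); self.code.append(("NOT",))
        elif tok == "(":
            self.expr()
            if self.take() != ")":
                raise SyntaxError("expected ')'")
        else:
            self.code.append(("PUSH", tok))

def compile_program(source):
    """Compile 'TARGET = expr' lines into one flat list of bytecode ops."""
    code = []
    for line in filter(str.strip, source.splitlines()):
        target, expr = (s.strip() for s in line.split("=", 1))
        c = _Compiler(expr)
        c.expr()
        if c.peek() is not None:
            raise SyntaxError(f"trailing tokens in: {line}")
        code += c.code + [("STORE", target)]
    return code

def run(bytecode, inputs):
    """One scan of the stack machine; returns the tags written by STORE."""
    memory, stack, outputs = dict(inputs), [], {}
    for op in bytecode:
        if op[0] == "PUSH":
            stack.append(bool(memory.get(op[1], False)))
        elif op[0] == "NOT":
            stack.append(not stack.pop())
        elif op[0] in ("AND", "OR"):
            b, a = stack.pop(), stack.pop()
            stack.append((a and b) if op[0] == "AND" else (a or b))
        else:  # STORE
            memory[op[1]] = outputs[op[1]] = stack.pop()
    return outputs

def digest(bytecode):
    """Stable fingerprint of a bytecode list (tuples of strings)."""
    return hashlib.sha256(repr(bytecode).encode()).hexdigest()

class Controller:
    """Two separate slots, as in the CVE: the engineering view reads only
    .source, the scan loop executes only .bytecode."""
    def __init__(self, source):
        self.source, self.bytecode = source, compile_program(source)
    def scan(self, inputs):
        return run(self.bytecode, inputs)

def verify(ctrl, golden=None):
    """Operator-side check: recompile the readable source and compare with the
    installed bytecode, optionally also with a digest recorded at
    commissioning.  True means the two slots are consistent."""
    installed = digest(ctrl.bytecode)
    if installed != digest(compile_program(ctrl.source)):
        return False
    return golden is None or installed == golden

# Constructed sample logic and inputs (assumptions, not a real project).
BENIGN = "PUMP = LEVEL_HIGH AND NOT ESTOP\nALARM = ESTOP OR OVERPRESSURE\n"
TAMPERED = "PUMP = LEVEL_HIGH\nALARM = OVERPRESSURE\n"   # ESTOP silently ignored
INPUTS = {"LEVEL_HIGH": True, "ESTOP": True, "OVERPRESSURE": False}

def demo():
    ctrl = Controller(BENIGN)
    golden = digest(ctrl.bytecode)
    before = ctrl.scan(INPUTS)                 # ESTOP honoured: pump off, alarm on
    ctrl.bytecode = compile_program(TAMPERED)  # attacker rewrites only the executed slot
    after = ctrl.scan(INPUTS)                  # ESTOP ignored: pump on, alarm off
    return before, after, ctrl.source == BENIGN, verify(ctrl, golden)
```

The third value returned by `demo()` is the trap: the readable source is byte-for-byte unchanged, so any review or compare that works only from the source view passes, while `verify()` fails because the installed bytecode no longer matches what the source compiles to. The `golden` digest is the second, independent control: a fingerprint of the executed program taken at commissioning, against which the controller can be re-checked regardless of what the source says.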
Recommendations
For Rockwell Automation ControlLogix, CompactLogix, and GuardLogix control systems, restrict network and physical access to the controllers and to the engineering workstations running Studio 5000 Logix Designer, so that only authorized personnel can download a program, until a fix is available.
For Rockwell Automation FlexLogix, DriveLogix, and SoftLogix, apply the same access restrictions to minimize the risk of exploitation.
As a temporary workaround, prevent program changes on the controller where operations allow, for example by leaving the controller keyswitch in RUN mode, which blocks program downloads and online edits. When checking a controller for unexpected changes, verify what the controller actually executes, not only the human-readable project: because the readable program and the compiled code are stored separately, a comparison of the readable project alone will not reveal a modification of the executed code.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
CompactLogix
ControlLogix
DriveLogix
FlexLogix
GuardLogix
SoftLogix
Studio 5000 Logix Designer