CVE-2022-3157

Name of the Vulnerable Software and Affected Versions Rockwell Automation controllers (affected versions not specified) Rockwell Automation CompactLogix, ControlLogix, GuardLogix (affected versions not specified)

Description A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). The issue is related to errors in processing input data, which can be exploited by a remote attacker to cause a denial-of-service condition.

Recommendations For Rockwell Automation controllers, consider implementing measures to validate and sanitize CIP requests to prevent malformed requests from causing a denial-of-service condition. For Rockwell Automation CompactLogix, ControlLogix, GuardLogix, restrict access to the controllers and implement network segmentation to minimize the risk of exploitation. As a temporary workaround, consider disabling the vulnerable functionality related to CIP requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.