Details of VAR-202212-1782

ID

VAR-202212-1782

CVE

CVE-2022-3157

TITLE

plural Rockwell Automation Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-023900

DESCRIPTION

A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). CompactLogix 5370 firmware, Compact Guardlogix 5370 firmware, Compact GuardLogix 5380 Controller firmware, etc. Rockwell Automation There are unspecified vulnerabilities in the product.Service operation interruption (DoS) It may be in a state. Rockwell Automation controllers are a series of controllers from Rockwell Automation, an American company. Attackers can exploit this vulnerability to cause major non-recoverable failures (MNRF) and denial of service

Trust: 2.25

sources: NVD: CVE-2022-3157 // JVNDB: JVNDB-2022-023900 // CNVD: CNVD-2025-04522 // VULMON: CVE-2022-3157

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-04522

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	compact guardlogix 5380	scope:	gte	version:	28	Trust: 1.0
vendor:	rockwellautomation	model:	guardlogix 5570	scope:	lte	version:	33	Trust: 1.0
vendor:	rockwellautomation	model:	guardlogix 5570	scope:	gte	version:	20	Trust: 1.0
vendor:	rockwellautomation	model:	compact guardlogix 5370	scope:	gte	version:	28	Trust: 1.0
vendor:	rockwellautomation	model:	compactlogix 5370	scope:	lte	version:	33	Trust: 1.0
vendor:	rockwellautomation	model:	compactlogix 5370	scope:	gte	version:	20	Trust: 1.0
vendor:	rockwellautomation	model:	controllogix 5570 redundancy	scope:	lte	version:	33	Trust: 1.0
vendor:	rockwellautomation	model:	compact guardlogix 5380	scope:	lte	version:	33	Trust: 1.0
vendor:	rockwellautomation	model:	controllogix 5570	scope:	lte	version:	33	Trust: 1.0
vendor:	rockwellautomation	model:	controllogix 5570	scope:	gte	version:	20	Trust: 1.0
vendor:	rockwellautomation	model:	compact guardlogix 5370	scope:	lte	version:	33	Trust: 1.0
vendor:	rockwellautomation	model:	controllogix 5570 redundancy	scope:	gte	version:	20	Trust: 1.0
vendor:	rockwell automation	model:	compactlogix 5370	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	controllogix 5570 redundancy	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	controllogix 5570 コントローラ	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	compact guardlogix 5370	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	guardlogix 5570 コントローラ	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	compact guardlogix 5380 コントローラ	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell	model:	automation rockwell automation controllers	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-04522 // JVNDB: JVNDB-2022-023900 // NVD: CVE-2022-3157

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-3157
value:	HIGH
Trust: 1.0
PSIRT@rockwellautomation.com:	CVE-2022-3157
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-3157
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-04522
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202212-3450
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-04522
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-3157
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
PSIRT@rockwellautomation.com:	CVE-2022-3157
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-3157
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-04522 // JVNDB: JVNDB-2022-023900 // CNNVD: CNNVD-202212-3450 // NVD: CVE-2022-3157 // NVD: CVE-2022-3157

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023900 // NVD: CVE-2022-3157

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3450

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3450

PATCH

title:	Patch for Rockwell Automation controllers Denial of Service Vulnerability (CNVD-2025-04522)	url:	https://www.cnvd.org.cn/patchInfo/show/663791	Trust: 0.6
title:	Rockwell Automation controllers Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=218804	Trust: 0.6

sources: CNVD: CNVD-2025-04522 // CNNVD: CNNVD-202212-3450

EXTERNAL IDS

db:	NVD	id:	CVE-2022-3157	Trust: 3.9
db:	ICS CERT	id:	ICSA-22-354-02	Trust: 1.4
db:	JVN	id:	JVNVU97518052	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-023900	Trust: 0.8
db:	CNVD	id:	CNVD-2025-04522	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.6635	Trust: 0.6
db:	CNNVD	id:	CNNVD-202212-3450	Trust: 0.6
db:	VULMON	id:	CVE-2022-3157	Trust: 0.1

sources: CNVD: CNVD-2025-04522 // VULMON: CVE-2022-3157 // JVNDB: JVNDB-2022-023900 // CNNVD: CNNVD-202212-3450 // NVD: CVE-2022-3157

REFERENCES

url:	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3157	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu97518052/	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-354-02	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-354-02	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-3157/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.6635	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2025-04522 // VULMON: CVE-2022-3157 // JVNDB: JVNDB-2022-023900 // CNNVD: CNNVD-202212-3450 // NVD: CVE-2022-3157

CREDITS

Rockwell Automation reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202212-3450

SOURCES

db:	CNVD	id:	CNVD-2025-04522
db:	VULMON	id:	CVE-2022-3157
db:	JVNDB	id:	JVNDB-2022-023900
db:	CNNVD	id:	CNNVD-202212-3450
db:	NVD	id:	CVE-2022-3157

LAST UPDATE DATE

2025-03-13T22:50:57.662000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-04522	date:	2025-03-07T00:00:00
db:	VULMON	id:	CVE-2022-3157	date:	2022-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-023900	date:	2023-11-30T04:33:00
db:	CNNVD	id:	CNNVD-202212-3450	date:	2022-12-23T00:00:00
db:	NVD	id:	CVE-2022-3157	date:	2023-11-07T03:50:52.127

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-04522	date:	2025-03-07T00:00:00
db:	VULMON	id:	CVE-2022-3157	date:	2022-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-023900	date:	2023-11-30T00:00:00
db:	CNNVD	id:	CNNVD-202212-3450	date:	2022-12-16T00:00:00
db:	NVD	id:	CVE-2022-3157	date:	2022-12-16T21:15:08.797