Search criteria
2 vulnerabilities found for Studio 5000 Logix Emulate by Rockwell Automation
CVE-2022-3156 (GCVE-0-2022-3156)
Vulnerability from cvelistv5 – Published: 2022-12-27 18:17 – Updated: 2025-04-10 20:06
VLAI?
Title
Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability
Summary
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to
this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.
Severity ?
7.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | Studio 5000 Logix Emulate |
Affected:
20.011 , ≤ 33.011
(Major)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T20:05:43.136419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:06:21.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Studio 5000 Logix Emulate",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33.011",
"status": "affected",
"version": "20.011 ",
"versionType": "Major"
}
]
}
],
"datePublic": "2022-12-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.\u0026nbsp; Users are granted elevated permissions on certain product services when the software is installed.\u0026nbsp;Due to \nthis misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.\n\n \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.\u00a0 Users are granted elevated permissions on certain product services when the software is installed.\u00a0Due to \nthis misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.\n\n \n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T18:17:50.219Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2022-3156",
"datePublished": "2022-12-27T18:17:50.219Z",
"dateReserved": "2022-09-07T18:58:07.407Z",
"dateUpdated": "2025-04-10T20:06:21.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3156 (GCVE-0-2022-3156)
Vulnerability from nvd – Published: 2022-12-27 18:17 – Updated: 2025-04-10 20:06
VLAI?
Title
Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability
Summary
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to
this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.
Severity ?
7.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | Studio 5000 Logix Emulate |
Affected:
20.011 , ≤ 33.011
(Major)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T20:05:43.136419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:06:21.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Studio 5000 Logix Emulate",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33.011",
"status": "affected",
"version": "20.011 ",
"versionType": "Major"
}
]
}
],
"datePublic": "2022-12-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.\u0026nbsp; Users are granted elevated permissions on certain product services when the software is installed.\u0026nbsp;Due to \nthis misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.\n\n \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.\u00a0 Users are granted elevated permissions on certain product services when the software is installed.\u00a0Due to \nthis misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.\n\n \n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T18:17:50.219Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2022-3156",
"datePublished": "2022-12-27T18:17:50.219Z",
"dateReserved": "2022-09-07T18:58:07.407Z",
"dateUpdated": "2025-04-10T20:06:21.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}