Search criteria
3 vulnerabilities found for studio_5000_logix_emulate by rockwellautomation
FKIE_CVE-2022-3156
Vulnerability from fkie_nvd - Published: 2022-12-27 19:15 - Updated: 2024-11-21 07:18
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to
this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rockwellautomation | studio_5000_logix_emulate | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rockwellautomation:studio_5000_logix_emulate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9EB8A2-A2F2-45A4-923E-2E40BDF16F76",
"versionEndExcluding": "34.00",
"versionStartIncluding": "20.011",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.\u00a0 Users are granted elevated permissions on certain product services when the software is installed.\u00a0Due to \nthis misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.\n\n \n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el software Rockwell Automation Studio 5000 Logix Emulate. A los usuarios se les otorgan permisos elevados sobre ciertos servicios del producto cuando se instala el software. Debido a esta mala configuraci\u00f3n, un usuario malintencionado podr\u00eda lograr la ejecuci\u00f3n remota de c\u00f3digo en el software de destino."
}
],
"id": "CVE-2022-3156",
"lastModified": "2024-11-21T07:18:56.643",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-27T19:15:10.357",
"references": [
{
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Vendor Advisory"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846"
}
],
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-3156 (GCVE-0-2022-3156)
Vulnerability from cvelistv5 – Published: 2022-12-27 18:17 – Updated: 2025-04-10 20:06
VLAI?
Title
Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability
Summary
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to
this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.
Severity ?
7.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | Studio 5000 Logix Emulate |
Affected:
20.011 , ≤ 33.011
(Major)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T20:05:43.136419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:06:21.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Studio 5000 Logix Emulate",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33.011",
"status": "affected",
"version": "20.011 ",
"versionType": "Major"
}
]
}
],
"datePublic": "2022-12-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.\u0026nbsp; Users are granted elevated permissions on certain product services when the software is installed.\u0026nbsp;Due to \nthis misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.\n\n \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.\u00a0 Users are granted elevated permissions on certain product services when the software is installed.\u00a0Due to \nthis misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.\n\n \n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T18:17:50.219Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2022-3156",
"datePublished": "2022-12-27T18:17:50.219Z",
"dateReserved": "2022-09-07T18:58:07.407Z",
"dateUpdated": "2025-04-10T20:06:21.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3156 (GCVE-0-2022-3156)
Vulnerability from nvd – Published: 2022-12-27 18:17 – Updated: 2025-04-10 20:06
VLAI?
Title
Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability
Summary
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to
this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.
Severity ?
7.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | Studio 5000 Logix Emulate |
Affected:
20.011 , ≤ 33.011
(Major)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T20:05:43.136419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:06:21.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Studio 5000 Logix Emulate",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "33.011",
"status": "affected",
"version": "20.011 ",
"versionType": "Major"
}
]
}
],
"datePublic": "2022-12-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.\u0026nbsp; Users are granted elevated permissions on certain product services when the software is installed.\u0026nbsp;Due to \nthis misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.\n\n \u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.\u00a0 Users are granted elevated permissions on certain product services when the software is installed.\u00a0Due to \nthis misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.\n\n \n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T18:17:50.219Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2022-3156",
"datePublished": "2022-12-27T18:17:50.219Z",
"dateReserved": "2022-09-07T18:58:07.407Z",
"dateUpdated": "2025-04-10T20:06:21.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}