github - ghsa-q432-7rqq-8cfj

ghsa-q432-7rqq-8cfj

Vulnerability from github

Published

2022-12-20 00:30

Modified

2022-12-27 21:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic load to cause a denial-of-service condition resulting in a denial-of-service condition. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-3752"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-19T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic load to cause a denial-of-service condition resulting in a denial-of-service condition. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.",
  "id": "GHSA-q432-7rqq-8cfj",
  "modified": "2022-12-27T21:30:21Z",
  "published": "2022-12-20T00:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3752"
    },
    {
      "type": "WEB",
      "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137664"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2022-3752

Vulnerability from cvelistv5

Published

2022-12-19 22:23

Modified

2024-08-03 01:20

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack

References

▼	URL	Tags
	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137664

Impacted products

▼	Vendor	Product
	Rockwell Automation	CompactLogix 5480
	Rockwell Automation	ControlLogix 5580
	Rockwell Automation	GuardLogix 5580
	Rockwell Automation	Compact GuardLogix 5380
	Rockwell Automation	CompactLogix 5380

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:20:57.729Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137664"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CompactLogix 5480",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "32.011 and later"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ControlLogix 5580 ",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "31.011 and later"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GuardLogix 5580",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "31.011 and later"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Compact GuardLogix 5380",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "31.011 and later"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CompactLogix 5380",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "31.011 and later"
            }
          ]
        }
      ],
      "datePublic": "2022-12-13T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic \nloading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload \nthe user project file to bring the device back online and continue normal operation.\n\n\n"
            }
          ],
          "value": "An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic \nloading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload \nthe user project file to bring the device back online and continue normal operation.\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-594",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-594 Traffic Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T18:16:26.185Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137664"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2022-3752",
    "datePublished": "2022-12-19T22:23:36.836Z",
    "dateReserved": "2022-10-28T20:53:01.640Z",
    "dateUpdated": "2024-08-03T01:20:57.729Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted