CVE-2022-1161 CRITICAL

CVE-2022-1161: ICSA-22-090-05 Rockwell Automation Logix Controllers

Vendor: Rockwell Automation
Product: 1768 CompactLogix controllers
Weakness: CWE-829 · Inclusion from untrusted sphere
Published: April 11, 2022
Last update: April 16, 2025

CVSS base score

10.0/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix control systems. Studio 5000 Logix Designer writes the user-readable program code to a location separate from the compiled code that is executed, allowing an attacker to change one and not the other.

Key dates

02 Disclosure timeline

April 11, 2022: CVE published
April 16, 2025: Record updated