CVE-2022-1797 MEDIUM

CVE-2022-1797: Rockwell Automation Logix Controllers Uncontrolled Resource Consumption

Vendor Rockwell Automation

Product CompactLogix 5380 controllers

Weakness CWE-400

Published May 31, 2022

Last update April 16, 2025

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.

Key dates

02Disclosure timeline

May 31, 2022 CVE published

April 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1797 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/400.html

Related vulnerabilities

Identifiers

CVE CVE-2022-1797

CWE CWE-400

CVSS 6.8 / MEDIUM