CVE-2022-3156 HIGH

CVE-2022-3156: Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability

Vendor Rockwell Automation
Product Studio 5000 Logix Emulate
Weakness CWE-287 · Improper authentication
Published December 27, 2022
Last update April 10, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software.  Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.

Key dates

02Disclosure timeline

December 27, 2022 CVE published
April 10, 2025 Record updated