CVE-2022-3752 HIGH

CVE-2022-3752: Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack

Vendor Rockwell Automation
Product CompactLogix 5480
Weakness CWE-20 · Input validation
Published December 19, 2022
Last update April 16, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.

Key dates

02Disclosure timeline

December 19, 2022 CVE published
April 16, 2025 Record updated