- What is the severity of CVE-2022-1161?
- CVE-2022-1161 has been scored as a critical severity vulnerability.
- How to fix CVE-2022-1161?
- To fix CVE-2022-1161: The following mitigations should be applied for ControlLogix 5560, ControlLogix 5570, ControlLogix 5580 series, GuardLogix 5570, GuardLogix 5580, GuardLogix 5380, CompactLogix, CompactLogix 5380 devices: Risk Mitigation A: Recompile and download user program code (i.e., acd). Put controller mode switch into Run position. If keeping controller mode switch in Run is impractical, use the following mitigation: Recompile and download user program code (i.e., acd). Monitor controller change log for any unexpected modifications or anomalous activity. Utilize the Controller Log feature. Utilize Change Detection in the Logix Designer Application. If available, use the functionality in FactoryTalk AssetCenter software to detect changes. Risk Mitigation B: Implement CIP Security to help prevent unauthorized connections when properly deployed. Supported controllers and communications modules include: ControlLogix 5580 processors using on-board EtherNet/IP port. GuardLogix 5580 processors using on-board EtherNet/IP port. ControlLogix 5580 processors operating in High Availability (HA) configurations using 1756-EN4TR ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, GuardLogix 5570 and GuardLogix 5580 can use a 1756-EN4TR ControlLogix EtherNet/IP module. If using a 1756-EN2T, then replace with a 1756-EN4TR CompactLogix 5380 using on-board EtherNet/IP port. CompactLogix GuardLogix 5380 using on-board EtherNet/IP port. The following mitigations should be applied for 1768 CompactLogix, 1769 CompactLogix, CompactLogix 5370, and CompactLogix 5480 devices: Recompile and download user program code (i.e., acd). Put controller mode switch into Run position. If keeping controller mode switch in Run is impractical, then use the following mitigation: Recompile and download user program code (i.e., acd). Monitor controller change log for any unexpected modifications or anomalous activity. Use the Controller Log feature. Use Change Detection in the Logix Designer application. If available, use the functionality in FactoryTalk AssetCenter to detect changes.
- Is CVE-2022-1161 being actively exploited in the wild?
- As for now, there are no information to confirm that CVE-2022-1161 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2022-1161?
- CVE-2022-1161 affects Rockwell Automation 1768 CompactLogix controllers, Rockwell Automation 1769 CompactLogix controllers, Rockwell Automation CompactLogix 5370 controllers, Rockwell Automation CompactLogix 5380 controllers, Rockwell Automation CompactLogix 5480 controllers, Rockwell Automation Compact GuardLogix 5370 controllers, Rockwell Automation Compact GuardLogix 5380 controllers, Rockwell Automation ControlLogix 5550 controllers, Rockwell Automation ControlLogix 5560 controllers, Rockwell Automation ControlLogix 5570 controllers, Rockwell Automation ControlLogix 5580 controllers, Rockwell Automation GuardLogix 5560 controllers, Rockwell Automation GuardLogix 5570 controllers, Rockwell Automation GuardLogix 5580 controllers, Rockwell Automation FlexLogix 1794-L34 controllers, Rockwell Automation DriveLogix 5730 controllers, Rockwell Automation SoftLogix 5800 controllers.