CVE-2022-3156
Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to
this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.
Existe una vulnerabilidad de ejecución remota de código en el software Rockwell Automation Studio 5000 Logix Emulate. A los usuarios se les otorgan permisos elevados sobre ciertos servicios del producto cuando se instala el software. Debido a esta mala configuración, un usuario malintencionado podría lograr la ejecución remota de código en el software de destino.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-09-07 CVE Reserved
- 2022-12-27 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
- CAPEC-122: Privilege Abuse
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwellautomation Search vendor "Rockwellautomation" | Studio 5000 Logix Emulate Search vendor "Rockwellautomation" for product "Studio 5000 Logix Emulate" | >= 20.011 < 34.00 Search vendor "Rockwellautomation" for product "Studio 5000 Logix Emulate" and version " >= 20.011 < 34.00" | - |
Affected
| ||||||