Versio.io

CVE-2021-22681

Common vulnerabilities & exposures (CVE)

 
Published at: 03-03-2021 07:15
Last modified: 25-04-2022 06:16
Total changes: 4

Description

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20, use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480; ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000 Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480; ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base score: 9.8
Exploitability score: 3.9
Impact score: 5.9

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
 

Verification logic

AND
  OR
    vendor=rockwellautomation AND product=factorytalk_services_platform AND versionStartIncluding=2.10
    vendor=rockwellautomation AND product=rslogix_5000 AND versionEndIncluding=20 AND versionStartIncluding=16
    vendor=rockwellautomation AND product=studio_5000_logix_designer AND versionStartIncluding=21.0
  OR
    vendor=rockwellautomation AND product=compact_guardlogix_5370 AND version=-
    vendor=rockwellautomation AND product=compact_guardlogix_5380 AND version=-
    vendor=rockwellautomation AND product=compactlogix_1768 AND version=-
    vendor=rockwellautomation AND product=compactlogix_1769 AND version=-
    vendor=rockwellautomation AND product=compactlogix_5370 AND version=-
    vendor=rockwellautomation AND product=compactlogix_5380 AND version=-
    vendor=rockwellautomation AND product=compactlogix_5480 AND version=-
    vendor=rockwellautomation AND product=controllogix_5550 AND version=-
    vendor=rockwellautomation AND product=controllogix_5560 AND version=-
    vendor=rockwellautomation AND product=controllogix_5570 AND version=-
    vendor=rockwellautomation AND product=controllogix_5580 AND version=-
    vendor=rockwellautomation AND product=drivelogix_1794-l34 AND version=-
    vendor=rockwellautomation AND product=drivelogix_5560 AND version=-
    vendor=rockwellautomation AND product=drivelogix_5730 AND version=-
    vendor=rockwellautomation AND product=guardlogix_5570 AND version=-
    vendor=rockwellautomation AND product=guardlogix_5580 AND version=-
    vendor=rockwellautomation AND product=softlogix_5800 AND version=-
 

Keywords

NVD, CVE-2021-22681, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
