CVE-2022-3156

Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability

CVSS 7.8 HIGHEPSS 0.4%CWE-287

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

27 Dec 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Rockwell Automation · Studio 5000 Logix Emulate

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846