CVE-2022-3156

HIGH

Rockwell Automation Studio 5000 Logix Emulate 20.011-33.x - Remote Code Execution via Service Misconfiguration

Title source: llm

Description

A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software.

References (1)

Core 1

Core References

Vendor Advisory

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137846

Scores

CVSS v3 7.8

EPSS 0.0008

EPSS Percentile 23.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-287

Status published

Products (1)

rockwellautomation/studio_5000_logix_emulate 20.011 - 34.00

Published Dec 27, 2022

Tracked Since Feb 18, 2026