- Page Title
- PN1639 | Select Distributed I/O Communication Modules vulnerable to a Denial-of-Service Vulnerability
Revision History
Revision Number: 1.0
Version 1.0 – August 23, 2023
Affected Products
| Affected Product | First Known in Firmware Version | Corrected in Firmware Version |
| --- | --- | --- |
| 1734-AENT/1734-AENTR Series C | <=7.011 | 7.013 |
| 1734-AENT/1734-AENTR Series B | <=5.019 | 5.021 |
| 1738-AENT/1738-AENTR Series B | <=6.011 | 6.013 |
| 1794-AENTR Series A | <=2.011 | 2.012 |
| 1732E-16CFGM12QCWR Series A | <=3.011 | 3.012 |
| 1732E-12X4M12QCDR Series A | <=3.011 | 3.012 |
| 1732E-16CFGM12QCR Series A | <=3.011 | 3.012 |
| 1732E-16CFGM12P5QCR Series A | <=3.011 | 3.012 |
| 1732E-12X4M12P5QCDR Series A | <=3.011 | 3.012 |
| 1732E-16CFGM12P5QCWR Series B | <=3.011 | 3.012 |
| 1732E-IB16M12R Series B | <=3.011 | 3.012 |
| 1732E-OB16M12R Series B | <=3.011 | 3.012 |
| 1732E-16CFGM12R Series B | <=3.011 | 3.012 |
| 1732E-IB16M12DR Series B | <=3.011 | 3.012 |
| 1732E-OB16M12DR Series B | <=3.011 | 3.012 |
| 1732E-8X8M12DR Series B | <=3.011 | 3.012 |
| 1799ER-IQ10XOQ10 Series B | <=3.011 | 3.012 |

Vulnerability Details
This issue was reported to Rockwell Automation by the Cybersecurity and Infrastructure Security Agency. The affected devices utilize the Pyramid Solutions EtherNet/IP Adapter kit and could potentially be affected by the vulnerability.
CVE-2022-1737 IMPACT
Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, may be vulnerable to an out-of-bounds write, which may allow an unauthorized threat actor to send a specially crafted packet that may result in a denial-of-service condition.
CVSS Base Score: 8.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE: CWE-787 Out-of-Bounds Write
Known Exploited Vulnerability (KEV) database: No
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
Risk Mitigation & User Action
Customers using the affected software are encouraged to apply the risk mitigations below, if possible. Additionally, we encourage our customers to implement our suggested security best practices to minimize the risk of vulnerability.
- Customers should upgrade to the corrected firmware to mitigate the issues.
- QA43240 - Recommended Security Guidelines from Rockwell Automation
Additional Resources
- Document ID
- PN1639
- AID (legacy)
- 1140532
- Version
- 1.0
- Vulnerability ID's
- CVE-2022-1737
- Products
-
1732E-OB16M12DR Series B
1732E-IB16M12R Series B
1734-AENTR
1732E-OB16M12R Series B
1732E-IB16M12DR Series B
1732E-8X8M12DR Series B
1738-AENTR Series A
1732E-12X4M12P5QCDR Series A
1732E-12X4M12QCDR Series A
1732E-16CFGM12QCR Series A
1734-AENT
1732E-12X4M12QCDR Series A
1732E-16CFGM12P5QCR Series A
1732E-16CFGM12R Series B
1799ER-IQ10XOQ10 Series B
1732E-16CFGM12P5QCWR Series B
1732E-16CFGM12QCWR Series A
- Catalog Numbers
- Legacy URL
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140532
- Revision Number
- Known Exploited Vulnerability (KEV)
- false
- Corrected
- false
- Workaround
- false
- Publish Date
- 2023-08-23 03:14