Severity: High
Advisory ID: PN1613
Published Date: January 25, 2023
Last Updated: September 08, 2025
Revision Number: 1.2
Known Exploited Vulnerability (KEV): No
Corrected: No
Workaround: No
CVE IDs: CVE-2022-3157
Summary
Product Notice 1613: Logix Controllers Vulnerable to a Denial-of-Service Vulnerability
Revision History
Revision Number: 1.2
Version 1.0 – December 15, 2022
Version 1.1 – January 17, 2022 – Updated risk mitigation section
Version 1.2 – January 25, 2023 – Updated risk mitigation section
Version 1.3 - September 8, 2025 - Updated for readability
Executive Summary
Rockwell Automation was made aware of a denial-of-service security issue that impacts several versions of our GuardLogix® and ControlLogix® controllers. Use of this security issue could lead to a breakdown in availability of the controller and/or a major non-recoverable fault (MNRF).
Customers using affected software versions should use the mitigations in this disclosure. Additional details relating to the discovered security issue, including the products in scope, impact, and recommended countermeasures, are below. We have not received any notice of this security issue being used in Rockwell Automation products.
Affected Products
- CompactLogix™ 5370
- Compact GuardLogix 5370
- ControlLogix 5570
- ControlLogix 5570 redundancy
- GuardLogix 5570
Security Issue Details
CVE-2022-3157 Controllers vulnerable to Denial-of-Service Condition
A security issue exists in the Rockwell Automation controllers. It allows a malformed CIP™ request to cause a major non-recoverable fault (MNRF) and a denial-of-service (DoS) condition.
CVSS Base Score: 8.6/10 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Risk Mitigation & User Action
This security issue has been addressed in newer versions of the products. Customers should use risk mitigations below and combine them with QA43240 - Recommended Security Guidelines from Rockwell Automation to employ multiple strategies simultaneously.
| Products Affected | First Known Version Affected | Corrected In |
| CompactLogix 5370, ControlLogix 5570, GuardLogix 5570 | 20.011 | |
| Compact GuardLogix 5370 | 28.011 | |
| ControlLogix 5570 Redundancy | 20.054 | |
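One way to triage an asset inventory against the first known affected versions in the table above, as an added example that is not part of Rockwell Automation's advisory. The inventory rows, function names and status labels are constructed for illustration, and the code assumes firmware revisions are written as `major.minor`.

```python
import re

# First known affected firmware revisions, copied from the advisory table.
FIRST_AFFECTED = {
    "CompactLogix 5370": "20.011",
    "ControlLogix 5570": "20.011",
    "GuardLogix 5570": "20.011",
    "Compact GuardLogix 5370": "28.011",
    "ControlLogix 5570 Redundancy": "20.054",
}
# The page spells "redundancy" in both cases, so match case-insensitively.
_FLOORS = {k.casefold(): v for k, v in FIRST_AFFECTED.items()}

def parse_rev(text):
    """Turn 'major.minor' (e.g. '20.011') into a tuple of ints, or None."""
    m = re.fullmatch(r"\s*[Vv]?(\d+)\.(\d+)\s*", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(family, firmware):
    """Classify one controller against the advisory's version floor."""
    floor = _FLOORS.get(" ".join(family.split()).casefold())
    if floor is None:
        return "not-listed"            # family is not in this advisory
    rev = parse_rev(firmware)
    if rev is None:
        return "unknown-version"       # unparseable: check by hand
    # Compare as integers: as strings, "20.11" would sort above "20.054".
    if rev < parse_rev(floor):
        return "below-first-affected"
    # The table's "Corrected In" cells are empty, so no upper bound is applied.
    return "at-or-above-first-affected"

# Constructed sample inventory: (asset name, family, firmware revision).
INVENTORY = [
    ("line1-plc", "ControlLogix 5570", "20.013"),
    ("line2-plc", "ControlLogix 5570 redundancy", "20.011"),
    ("safety-a", "Compact GuardLogix 5370", "28.011"),
    ("pack-c", "CompactLogix 5380", "33.011"),
    ("mix-d", "GuardLogix 5570", "unknown"),
]

def triage_inventory(rows=INVENTORY):
    """Map each asset name to its triage status."""
    return {name: triage(family, fw) for name, family, fw in rows}

if __name__ == "__main__":
    for name, status in triage_inventory().items():
        print(f"{name:10} {status}")
```

Assets reported as `at-or-above-first-affected` or `unknown-version` are the ones to check against the vendor's corrected versions and the mitigations in this notice.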
Reference
Glossary
Denial-of-Service: malicious attempt to overwhelm a web property with traffic in order to disrupt its normal operations
Major Nonrecoverable Fault (MNRF): an error that occurs in a system or device and prevents it from recovering or functioning properly
Copyright ©2022 Rockwell Automation, Inc.