Studio 5000 Logix Designer compiles the user program on the workstation. This compilation process prepares the Logix Designer application user program for download to a Logix controller. To successfully exploit this vulnerability, an attacker must first gain administrator access to the workstation running Studio 5000 Logix Designer. The attacker can then intercept the compilation process and inject code into the user program. The user may potentially be unaware that this modification has taken place.
Read: "The Old Switcheroo: Hiding Code on Rockwell Automation PLCs"

Risk Information

  • CVE ID
  • CVE-2022-1159
  • Vendor
  • Rockwell Automation
  • Product
  • Logix Designer
  • CVSS v3
  • 7.7