CVE-2022-1161

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.

Published: Apr 11, 2022
Updated: Nov 16, 2025
CVE: CVE-2022-1161
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 10
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-829

Affected Software
References

Software	From	Fixed in
rockwellautomation / compactlogix_1768-l43_firmware	-	-
rockwellautomation / compactlogix_1768-l45_firmware	-	-
rockwellautomation / compactlogix_1769-l31_firmware	-	-
rockwellautomation / compactlogix_1769-l32c_firmware	-	-
rockwellautomation / compactlogix_1769-l32e_firmware	-	-
rockwellautomation / compactlogix_1769-l35cr_firmware	-	-
rockwellautomation / compactlogix_1769-l35e_firmware	-	-
rockwellautomation / compactlogix_5370_l3_firmware	-	-
rockwellautomation / compactlogix_5370_l2_firmware	-	-
rockwellautomation / compactlogix_5370_l1_firmware	-	-
rockwellautomation / compactlogix_5380_firmware	-	-
rockwellautomation / compactlogix_5480_firmware	-	-
rockwellautomation / compact_guardlogix_5370_firmware	-	-
rockwellautomation / compact_guardlogix_5380_firmware	-	-
rockwellautomation / controllogix_5550_firmware	-	-
rockwellautomation / controllogix_5560_firmware	-	-
rockwellautomation / controllogix_5570_firmware	-	-
rockwellautomation / controllogix_5580_firmware	-	-
rockwellautomation / guardlogix_5560_firmware	-	-
rockwellautomation / guardlogix_5570_firmware	-	-
rockwellautomation / guardlogix_5580_firmware	-	-
rockwellautomation / flexlogix_1794-l34_firmware	-	-
rockwellautomation / drivelogix_5730_firmware	-	-
rockwellautomation / softlogix_5800_firmware	-	-

https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05

Vulnerability Database

308,485

CVE-2022-1161

Deep Security Visibility Without the Complexity