An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.
Conclusion & alert: CVE-2022-1161 is rated High Risk (72/100): CVSS Critical severity, with high exploitation likelihood (EPSS 5.01%, 91th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-28 | 4.87% | 5.01% | +0.14% |
| 2 | 2026-06-15 | 0.12% | 4.87% | +4.75% |
| 3 | 2025-11-21 | — | 0.12% | — |
Full EPSS history (17 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 10.0 | 3.1 | CRITICAL |
|
3.9 | 6.0 | [email protected] |
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
| 7.5 | 2.0 | HIGH |
|
10.0 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| rockwellautomation | compactlogix_1768-l43_firmware | — | cpe:2.3:o:rockwellautomation:compactlogix_1768-l43_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compactlogix_1768-l45_firmware | — | cpe:2.3:o:rockwellautomation:compactlogix_1768-l45_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compactlogix_1769-l31_firmware | — | cpe:2.3:o:rockwellautomation:compactlogix_1769-l31_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compactlogix_1769-l32c_firmware | — | cpe:2.3:o:rockwellautomation:compactlogix_1769-l32c_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compactlogix_1769-l32e_firmware | — | cpe:2.3:o:rockwellautomation:compactlogix_1769-l32e_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compactlogix_1769-l35cr_firmware | — | cpe:2.3:o:rockwellautomation:compactlogix_1769-l35cr_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compactlogix_1769-l35e_firmware | — | cpe:2.3:o:rockwellautomation:compactlogix_1769-l35e_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compactlogix_5370_l3_firmware | — | cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compactlogix_5370_l2_firmware | — | cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compactlogix_5370_l1_firmware | — | cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compactlogix_5380_firmware | — | cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compactlogix_5480_firmware | — | cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compact_guardlogix_5370_firmware | — | cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | compact_guardlogix_5380_firmware | — | cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | controllogix_5550_firmware | — | cpe:2.3:o:rockwellautomation:controllogix_5550_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | controllogix_5560_firmware | — | cpe:2.3:o:rockwellautomation:controllogix_5560_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | controllogix_5570_firmware | — | cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | controllogix_5580_firmware | — | cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | guardlogix_5560_firmware | — | cpe:2.3:o:rockwellautomation:guardlogix_5560_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | guardlogix_5570_firmware | — | cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | guardlogix_5580_firmware | — | cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | flexlogix_1794-l34_firmware | — | cpe:2.3:o:rockwellautomation:flexlogix_1794-l34_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | drivelogix_5730_firmware | — | cpe:2.3:o:rockwellautomation:drivelogix_5730_firmware:*:*:*:*:*:*:*:* |
| rockwellautomation | softlogix_5800_firmware | — | cpe:2.3:o:rockwellautomation:softlogix_5800_firmware:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-05 | Third Party Advisory US Government Resource |