Full Report
On the last day of March 2022, Claroty (Team82) published an article on two vulnerabilities they had identified in Rockwell Automation products. We believe that the severity of these vulnerabilities has been significantly exaggerated. At the same time, the most dangerous vulnerability in the same products has remained unnoticed.
Analysis Summary
The provided article context only states that Claroty reported two vulnerabilities in Rockwell Automation products on March 31, 2022, and claims their severity was exaggerated while a more dangerous flaw remained unnoticed.
**Crucially, the provided text *does not contain the specific CVE identifiers, CVSS scores, affected versions, technical details, or remediation information* for the vulnerabilities discussed by Claroty or the "unnoticed" vulnerability.**
Therefore, I can only provide a summary template based on the information *mentioned* but cannot populate the specific fields accurately without the full content of the Kaspersky ICS CERT article.
---
# Vulnerability: Rockwell Automation Vulnerabilities (Disputed Severity)
## CVE Details
- CVE ID: [Information not present in context]
- CVSS Score: [Information not present in context] (Severity: [Information not present in context])
- CWE: [Information not present in context]
## Affected Systems
- Products: Rockwell Automation Products (Specific list unavailable)
- Versions: [Specific vulnerable versions unavailable]
- Configurations: [Any specific conditions unavailable]
## Vulnerability Description
The context refers to two vulnerabilities reported by Claroty (Team82) on March 31, 2022, whose severity is disputed by the author of the summarized article. The context also implies a third, more dangerous, but currently unlisted vulnerability exists in the same products.
## Exploitation
- Status: [Status unknown]
- Complexity: [Complexity unknown]
- Attack Vector: [Attack vector unknown]
## Impact
- Confidentiality: [Impact unknown]
- Integrity: [Impact unknown]
- Availability: [Impact unknown]
## Remediation
### Patches
- [Patch information unavailable as specific CVEs are unknown]
### Workarounds
- [Workaround information unavailable]
## Detection
- [Indicators of compromise unknown]
- [Detection methods and tools unknown]
## References
- [Vendor advisories unknown]
- [Relevant links - defanged: hxxps://ics-cert.kaspersky.com/publications/blog/ (Main source URL mentioned)]