ControlLogix Vulnerable to Denial of Service via CIP Messages

Published Date: October 10, 2024 
Last updated: October 10, 2024
Revision Number: 1.0
CVSS Score: v3.1: 7.5, v4.0: 8.7 
 

AFFECTED PRODUCTS AND SOLUTION

VULNERABILITY DETAILS

Rockwell Automation used version 3.1 and 4.0 of the CVSS scoring system to assess the following vulnerabilities. The following vulnerability was reported to Rockwell Automation by Trevor Flynn.

CVE-2024-6207 IMPACT

A denial-of-service vulnerability exists in the affected products that will cause the device to result in a major nonrecoverable fault (MNRF) when it receives an invalid CIP request. To exploit this vulnerability a malicious user must chain this exploits with CVE 2021-22681 and send a specially crafted CIP message to the device.  If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation.  To recover the controllers, a download is required which ends any process that the controller is running. 

CVSS Base Score v3.1: 7.5/10

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 

CVSS Base Score v4.0: 8.7/10

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE: CWE-20: Improper Input Validation

Known Exploited Vulnerability (KEV) database:  No

Users can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.

Mitigations and Workarounds 

Users using the affected software are also encouraged to apply security best practices to minimize the risk of vulnerability. 

• Security Best Practices

 ADDITIONAL RESOURCES

• JSON CVE-2024-6207