Loading

ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Vulnerable to DoS vulnerability via CIP

Severity:
High
Advisory ID:
SD1693
Fecha de publicación:
September 10, 2024
Última actualización:
November 13, 2024
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2024-6077
Descargas
The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:
JSON
Resumen
ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Vulnerable to DoS vulnerability via CIP

Published Date: 9/12/2024

Updated Date: 9/12/2024 

Revision Number: 1.0

CVSS: v3.1: 7.4, 4.0: 8.3

 

The security of our products is important to us as your chosen industrial automation supplier.  This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improving your business or production environments.

 

AFFECTED PRODUCTS AND SOLUTION

 

 

Affected Family 

 

 

 

 

First Known in Software/Firmware Version

 

 

 

 

Corrected in Software/Firmware Version

 

 

 

 

CompactLogix 5380

 

 

 

 

 

 

 

v.32 .011

 

 

 

 

v33.017, v34.014, v35.013, v36.011 and later

 

 

 

 

CompactLogix 5380 Process 

 

 

 

 

v.33.011

 

 

 

 

v33.017, v34.014, v35.013, v36.011 and later

 

 

 

 

Compact GuardLogix 5380 SIL 2 

 

 

 

 

v.32.013

 

 

 

 

v33.017, v34.014, v35.013, v36.011 and later

 

 

 

 

Compact GuardLogix 5380 SIL 3 

 

 

 

 

v.32.011

 

 

 

 

v33.017, v34.014, v35.013, v36.011 and later

 

 

 

 

CompactLogix 5480 

 

 

 

 

v.32.011

 

 

 

 

v33.017, v34.014, v35.013, v36.011 and later

 

 

 

 

ControlLogix® 5580 

 

 

 

 

v.32.011

 

 

 

 

v33.017, v34.014, v35.013, v36.011 and later

 

 

 

 

ControlLogix® 5580 Process 

 

 

 

 

v.33.011

 

 

 

 

v33.017, v34.014, v35.013, v36.011 and later

 

 

 

 

GuardLogix 5580 

 

 

 

 

v.32.011

 

 

 

 

v33.017, v34.014, v35.013, v36.011 and later

 

 

 

 

1756-EN4

 

 

 

 

v2.001

 

 

 

 

v6.001 and later

 

 

 

VULNERABILITY DETAILS

 Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.

CVE-2024-6077 IMPACT

A denial-of-service vulnerability exists in the affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover. 

CVSS Base Score: 7.5 
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS Base Score: 8.7 
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N 
CWE-20:  Improper Input Validation 
Known Exploited Vulnerability (KEV) database: No

Mitigations and Workarounds 
Customers who are unable to upgrade to the corrected software versions are encouraged to apply the following risk mitigations. 

  • Users who do not wish to use CIP security can disable the feature per device. See "Disable CIP Security" in Chapter 2 of "CIP Security with Rockwell Automation Products" (publication SECURE-AT001)

For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.

ADDITIONAL RESOURCES

The following link provides CVE information in Vulnerability Exploitability Exchange (VEX) format, which is machine readable and can be used to automate vulnerability management and tracking activities.   

    JSON CVE-2024-6077

Copyright ©2022 Rockwell Automation, Inc.