CVE-2017-6024
First published: Sat May 06 2017(Updated: )
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwell Automation CompactLogix 5380 Firmware | =v28.011 | |
| Rockwell Automation CompactLogix 5380 Firmware | =v29.011 | |
| Rockwell Automation CompactLogix 5380 Firmware | ||
| Rockwell Automation ControlLogix 5580 Firmware | =v28.011 | |
| Rockwell Automation ControlLogix 5580 Firmware | =v28.012 | |
| Rockwell Automation ControlLogix 5580 Firmware | =v28.013 | |
| Rockwell Automation ControlLogix 5580 Firmware | =v29.011 | |
| Rockwell Automation ControlLogix 5580 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6024?
CVE-2017-6024 has been identified as a Resource Exhaustion vulnerability that could impact the availability of affected Rockwell Automation controllers.
How do I fix CVE-2017-6024?
To fix CVE-2017-6024, ensure that you update your Rockwell Automation ControlLogix and CompactLogix firmware to the latest patched versions.
What versions are affected by CVE-2017-6024?
CVE-2017-6024 affects Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, V28.013, V29.011 and CompactLogix 5380 controllers V28.011 and V29.011.
Can CVE-2017-6024 be exploited remotely?
Yes, CVE-2017-6024 can potentially be exploited by an attacker remotely to trigger resource exhaustion on the affected devices.
What should I do if I am using vulnerable Rockwell Automation controllers related to CVE-2017-6024?
If using vulnerable controllers related to CVE-2017-6024, you should immediately plan for firmware updates and implement network segmentation to reduce risk.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/rockwellautomation
- canonical/rockwell automation compactlogix 5380 firmware
- version/rockwell automation compactlogix 5380 firmware/v28.011
- version/rockwell automation compactlogix 5380 firmware/v29.011
- canonical/rockwell automation controllogix 5580 firmware
- version/rockwell automation controllogix 5580 firmware/v28.011
- version/rockwell automation controllogix 5580 firmware/v28.012
- version/rockwell automation controllogix 5580 firmware/v28.013
- version/rockwell automation controllogix 5580 firmware/v29.011