high
8.6
CWE
20 22
Advisory Published
Updated

CVE-2020-6998: Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation

First published: Wed Jul 27 2022(Updated: )

The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.

Credit: ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Rockwell Automation Armor Compact GuardLogix 5370 controllers
Rockwell Automation Armor GuardLogix
Rockwell Automation CompactLogix 5370 L1 controllers
Rockwell Automation CompactLogix 5370 L2 controllers
Rockwell Automation CompactLogix 5370 L3 controllers
Rockwell Automation Armor Compact GuardLogix 5370 controllers
Rockwell Automation ControlLogix 5570 controllers
Rockwell Automation Compact GuardLogix 5370 Firmware<=33
Rockwell Automation Compact GuardLogix 5370 Firmware
Rockwell Automation Compact GuardLogix 5370 Firmware<=33
Rockwell Automation Compact GuardLogix 5370 Firmware
Rockwell Automation CompactLogix 5370 L1 firmware<=33
Rockwell Automation CompactLogix 5370 L1 firmware
Rockwell Automation CompactLogix 5370 L2 Firmware<=33
Rockwell Automation CompactLogix 5370 L2 Firmware
Rockwell Automation CompactLogix 5370 L3 Firmware<=33
Rockwell Automation CompactLogix 5370 L3 Firmware
Rockwell Automation ControlLogix 5570<=33
Rockwell Automation ControlLogix 5570
Rockwell Automation GuardLogix Firmware<=33
Rockwell Automation GuardLogix 5560 Firmware
Rockwell Automation GuardLogix 5570 Controller firmware<=33
Rockwell Automation GuardLogix 5570 Controller firmware
Rockwell Automation GuardLogix 5580 Firmware<=33
Rockwell Automation GuardLogix 5580

Remedy

Rockwell Automation recommends affected users apply firmware v33.011 or later. For more information see the Rockwell Automation advisory (login required).

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2020-6998?

    CVE-2020-6998 is a vulnerability in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior that allows an attacker to create an infinite loop by sending specially crafted CIP packet requests.

  • What is the severity of CVE-2020-6998?

    The severity of CVE-2020-6998 is high, with a CVSS score of 8.6.

  • How does CVE-2020-6998 affect Rockwell Automation products?

    CVE-2020-6998 affects Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior.

  • How can an attacker exploit CVE-2020-6998?

    An attacker can exploit CVE-2020-6998 by sending specially crafted CIP packet requests to the vulnerable Rockwell Automation devices.

  • Are there any fixes available for CVE-2020-6998?

    Rockwell Automation has released firmware updates to address the vulnerability. Users are advised to update to the latest firmware version.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203