8.6
CWE
20 22
Advisory Published
Updated

CVE-2020-6998: Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation

First published: Wed Jul 27 2022(Updated: )

The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.

Credit: ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Rockwellautomation Armor Compact Guardlogix 5370 Firmware<=33
Rockwellautomation Armor Compact Guardlogix 5370
Rockwellautomation Compact Guardlogix 5370 Firmware<=33
Rockwellautomation Compact Guardlogix 5370
Rockwellautomation Compactlogix 5370 L1 Firmware<=33
Rockwellautomation Compactlogix 5370 L1
Rockwellautomation Compactlogix 5370 L2 Firmware<=33
Rockwellautomation Compactlogix 5370 L2
Rockwellautomation Compactlogix 5370 L3 Firmware<=33
Rockwellautomation Compactlogix 5370 L3
Rockwellautomation Controllogix 5570 Firmware<=33
Rockwellautomation Controllogix 5570
Rockwellautomation Guardlogix 5560 Firmware<=33
Rockwellautomation Guardlogix 5560
Rockwellautomation Guardlogix 5570 Firmware<=33
Rockwellautomation Guardlogix 5570
Rockwellautomation Guardlogix 5580 Firmware<=33
Rockwellautomation Guardlogix 5580
Rockwell Automation Armor Compact GuardLogix 5370 controllers, Versions 33 and prior
Rockwell Automation Armor GuardLogix, Safety Controllers, Versions 33 and prior
Rockwell Automation CompactLogix 5370 L1 controllers, Versions 33 and prior
Rockwell Automation CompactLogix 5370 L2 controllers, Versions 33 and prior
Rockwell Automation CompactLogix 5370 L3 controllers, Versions 33 and prior
Rockwell Automation Compact GuardLogix 5370 controllers, Versions 33 and prior
Rockwell Automation ControlLogix 5570 controllers, Versions 33 and prior

Remedy

Rockwell Automation recommends affected users apply firmware v33.011 or later. For more information see the Rockwell Automation advisory (login required).

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2020-6998?

    CVE-2020-6998 is a vulnerability in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior that allows an attacker to create an infinite loop by sending specially crafted CIP packet requests.

  • What is the severity of CVE-2020-6998?

    The severity of CVE-2020-6998 is high, with a CVSS score of 8.6.

  • How does CVE-2020-6998 affect Rockwell Automation products?

    CVE-2020-6998 affects Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior.

  • How can an attacker exploit CVE-2020-6998?

    An attacker can exploit CVE-2020-6998 by sending specially crafted CIP packet requests to the vulnerable Rockwell Automation devices.

  • Are there any fixes available for CVE-2020-6998?

    Rockwell Automation has released firmware updates to address the vulnerability. Users are advised to update to the latest firmware version.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203