Score: 8.7 | CWE-20 | Advisory Published

CVE-2024-6077: Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Vulnerable to DoS vulnerability via CIP

First published: Thu Sep 12 2024

A denial-of-service vulnerability exists in the affected Rockwell Automation products when specially crafted packets are sent to the CIP Security Object. If exploited, the device becomes unavailable and requires a factory reset to recover.

Credit: PSIRT@rockwellautomation.com

Affected Software                                              Affected Version    How to fix
All of:
  Rockwellautomation Compactlogix 5380 Firmware                32.011              see Remedy
  Rockwellautomation Compactlogix 5380
All of:
  Rockwellautomation Compact Guardlogix 5380 Sil 2 Firmware    32.013              see Remedy
  Rockwellautomation Compact Guardlogix 5380 Sil 2
All of:
  Rockwellautomation Compact Guardlogix 5380 Sil 3 Firmware    32.011              see Remedy
  Rockwellautomation Compact Guardlogix 5380 Sil 3
All of:
  Rockwellautomation Compactlogix 5480 Firmware                32.011              see Remedy
  Rockwellautomation Compactlogix 5480
All of:
  Rockwellautomation Controllogix 5580 Firmware                33.011              see Remedy
  Rockwellautomation Controllogix 5580
All of:
  Rockwellautomation Guardlogix 5580 Firmware                  32.011              see Remedy
  Rockwellautomation Guardlogix 5580
All of:
  Rockwellautomation 1756-en4 Firmware                         2.001               see Remedy
  Rockwellautomation 1756-en4

Remedy

Affected Family                  First Known in Software/Firmware Version    Corrected in Software/Firmware Version
CompactLogix 5380                v32.011                                     v33.017, v34.014, v35.013, v36.011 and later
CompactLogix 5380 Process        v33.011                                     v33.017, v34.014, v35.013, v36.011 and later
Compact GuardLogix 5380 SIL 2    v32.013                                     v33.017, v34.014, v35.013, v36.011 and later
Compact GuardLogix 5380 SIL 3    v32.011                                     v33.017, v34.014, v35.013, v36.011 and later
CompactLogix 5480                v32.011                                     v33.017, v34.014, v35.013, v36.011 and later
ControlLogix® 5580               v32.011                                     v33.017, v34.014, v35.013, v36.011 and later
ControlLogix® 5580 Process       v33.011                                     v33.017, v34.014, v35.013, v36.011 and later
GuardLogix 5580                  v32.011                                     v33.017, v34.014, v35.013, v36.011 and later
1756-EN4                         v2.001                                      v6.001 and later

Mitigations and Workarounds

Customers who are unable to upgrade to the corrected software versions are encouraged to apply the following risk mitigations.

* Users who do not wish to use CIP Security can disable the feature per device. See "Disable CIP Security" in Chapter 2 of "CIP Security with Rockwell Automation Products" (publication SECURE-AT001).

For information on how to mitigate security risks on industrial automation control systems, we encourage customers to implement our suggested security best practices (https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight) to minimize the risk of the vulnerability. Customers can use Stakeholder-Specific Vulnerability Categorization (https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc) to generate more environment-specific prioritization.
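As an added example (not part of the advisory or of Rockwell's tooling), a Python check that applies the Remedy table above to a firmware inventory, reading the "First Known" and "Corrected in" columns as the affected range. The family keys and the assumption that releases before "First Known" are out of scope are mine.

```python
"""Version check for CVE-2024-6077 against the advisory's Remedy table."""
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Version:
    major: int
    minor: int


def parse_version(text: str) -> Version:
    """Parse 'v33.017', 'v.32 .011' or '33.11' into a comparable Version."""
    cleaned = text.strip().lower().lstrip("v").replace(" ", "").lstrip(".")
    major, minor = cleaned.split(".")
    return Version(int(major), int(minor))


# Corrected release per major train for the Logix 5380/5480/5580 families
# ("v33.017, v34.014, v35.013, v36.011 and later"); trains above 36 are fixed,
# and the v32 train has no corrected release at all.
LOGIX_FIXES = {33: 17, 34: 14, 35: 13, 36: 11}

# "First Known in Software/Firmware Version" column of the Remedy table.
FIRST_KNOWN = {
    "CompactLogix 5380": "v32.011",
    "CompactLogix 5380 Process": "v33.011",
    "Compact GuardLogix 5380 SIL 2": "v32.013",
    "Compact GuardLogix 5380 SIL 3": "v32.011",
    "CompactLogix 5480": "v32.011",
    "ControlLogix 5580": "v32.011",
    "ControlLogix 5580 Process": "v33.011",
    "GuardLogix 5580": "v32.011",
}


def logix_affected(family: str, firmware: str) -> bool:
    """True if this Logix family/firmware pair still needs the CVE-2024-6077 fix."""
    v = parse_version(firmware)
    if v < parse_version(FIRST_KNOWN[family]):
        return False  # assumption: releases before "First Known" are out of scope
    if v.major > max(LOGIX_FIXES):
        return False  # "and later": v37+ trains ship with the fix
    fix_minor = LOGIX_FIXES.get(v.major)
    if fix_minor is None:
        return True  # v32 train: no corrected release, must move to v33.017+
    return v.minor < fix_minor


def en4_affected(firmware: str) -> bool:
    """1756-EN4: affected from v2.001, corrected in v6.001 and later."""
    v = parse_version(firmware)
    return parse_version("v2.001") <= v < parse_version("v6.001")
```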

© 2024 SecAlerts Pty Ltd.