8.7
CWE
20
Advisory Published
Updated

CVE-2024-6207: Input Validation

First published: Mon Oct 14 2024(Updated: )

CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running.

Credit: PSIRT@rockwellautomation.com

Affected SoftwareAffected VersionHow to fix
All of
Any of
Rockwellautomation Controllogix 5580 Firmware>=28.011<33.017
Rockwellautomation Controllogix 5580 Firmware>=34.011<34.014
Rockwellautomation Controllogix 5580 Firmware>=35.011<35.013
Rockwellautomation Controllogix 5580
All of
Any of
Rockwellautomation Controllogix 5580 Process Firmware>=33.011<33.017
Rockwellautomation Controllogix 5580 Process Firmware>=34.011<34.014
Rockwellautomation Controllogix 5580 Process Firmware>=35.011<35.013
Rockwellautomation Controllogix 5580 Process
All of
Any of
Rockwellautomation Guardlogix 5580 Firmware>=31.011<33.017
Rockwellautomation Guardlogix 5580 Firmware>=34.011<34.014
Rockwellautomation Guardlogix 5580 Firmware>=35.011<35.013
Rockwellautomation Guardlogix 5580
All of
Any of
Rockwellautomation Compactlogix 5380 Firmware>=28.011<33.017
Rockwellautomation Compactlogix 5380 Firmware>=34.011<34.014
Rockwellautomation Compactlogix 5380 Firmware>=35.011<35.013
Rockwellautomation Compactlogix 5380
All of
Any of
Rockwellautomation Compact Guardlogix 5380 Sil 2 Firmware>=31.011<33.017
Rockwellautomation Compact Guardlogix 5380 Sil 2 Firmware>=34.011<34.014
Rockwellautomation Compact Guardlogix 5380 Sil 2 Firmware>=35.011<35.013
Rockwellautomation Compact Guardlogix 5380 Sil 2
All of
Any of
Rockwellautomation Compact Guardlogix 5380 Sil 3 Firmware>=32.013<33.017
Rockwellautomation Compact Guardlogix 5380 Sil 3 Firmware>=34.011<34.014
Rockwellautomation Compact Guardlogix 5380 Sil 3 Firmware>=35.011<35.013
Rockwellautomation Compact Guardlogix 5380 Sil 3
All of
Any of
Rockwellautomation Compactlogix 5480 Firmware>=32.011<33.017
Rockwellautomation Compactlogix 5480 Firmware>=34.011<34.014
Rockwellautomation Compactlogix 5480 Firmware>=35.011<35.013
Rockwellautomation Compactlogix 5480
All of
Any of
Rockwellautomation Factorytalk Logix Echo Firmware>=33.011<34.014
Rockwellautomation Factorytalk Logix Echo Firmware>=35.011<35.013
Rockwellautomation Factorytalk Logix Echo

Remedy

AFFECTED PRODUCTS AND SOLUTION Affected Product First Known in firmware revisionCorrected in firmware revisionControlLogix® 5580V28.011V33.017, V34.014, V35.013, V36.011 and laterControlLogix® 5580 ProcessV33.011V33.017, V34.014, V35.013, V36.011 and laterGuardLogix 5580V31.011 V33.017, V34.014, V35.013, V36.011 and laterCompactLogix 5380V28.011 V33.017, V34.014, V35.013, V36.011 and laterCompact GuardLogix 5380 SIL 2V31.011V33.017, V34.014, V35.013, V36.011 and laterCompact GuardLogix 5380 SIL 3V32.013V33.017, V34.014, V35.013, V36.011 and laterCompactLogix 5480V32.011V33.017, V34.014, V35.013, V36.011 and laterFactoryTalk® Logix Echo V33.011V34.014, V35.013, V36.011 and later

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203