SD1707 | Security Advisory | Rockwell Automation

Severity:

High

Advisory ID:

SD1707

Published Date:

October 10, 2024

Last Updated:

October 10, 2024

Revision Number:

1.0

Known Exploited Vulnerability (KEV):

Corrected:

Yes

Workaround:

CVE IDs

CVE-2024-6207

Downloads

The following link(s) provide the security advisory in Vulnerability Exploitability Exchange format:

CVE-2024-6207

Summary

ControlLogix Vulnerable to Denial of Service via CIP Messages

Published Date: October 10, 2024
Last updated: October 10, 2024
Revision Number: 1.0
CVSS Score: v3.1: 7.5, v4.0: 8.7

AFFECTED PRODUCTS AND SOLUTION

Affected Product	First Known in firmware revision	Corrected in firmware revision
ControlLogix® 5580	V28.011	V33.017, V34.014, V35.013, V36.011 and later
ControlLogix® 5580 Process	V33.011	V33.017, V34.014, V35.013, V36.011 and later
GuardLogix 5580	V31.011	V33.017, V34.014, V35.013, V36.011 and later
CompactLogix 5380	V28.011	V33.017, V34.014, V35.013, V36.011 and later
Compact GuardLogix 5380 SIL 2	V31.011	V33.017, V34.014, V35.013, V36.011 and later
Compact GuardLogix 5380 SIL 3	V32.013	V33.017, V34.014, V35.013, V36.011 and later
CompactLogix 5480	V32.011	V33.017, V34.014, V35.013, V36.011 and later
FactoryTalk® Logix Echo	V33.011	V34.014, V35.013, V36.011 and later

VULNERABILITY DETAILS

Rockwell Automation used version 3.1 and 4.0 of the CVSS scoring system to assess the following vulnerabilities. The following vulnerability was reported to Rockwell Automation by Trevor Flynn.

CVE-2024-6207 IMPACT

A denial-of-service vulnerability exists in the affected products that will cause the device to result in a major nonrecoverable fault (MNRF) when it receives an invalid CIP request. To exploit this vulnerability a malicious user must chain this exploits with CVE 2021-22681

and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running.

CVSS Base Score v3.1: 7.5/10

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS Base Score v4.0: 8.7/10

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE: CWE-20: Improper Input Validation

Known Exploited Vulnerability (KEV) database: No

Users can use Stakeholder-Specific Vulnerability Categorization

to generate more environment-specific prioritization.

Mitigations and Workarounds

Users using the affected software are also encouraged to apply security best practices to minimize the risk of vulnerability.

Security Best Practices

ADDITIONAL RESOURCES

JSON CVE-2024-6207