Rockwell Automation has identified a vulnerability in its ControlLogix, GuardLogix, CompactLogix, and Compact GuardLogix series controllers, as well as the 1756-EN4 module. The flaw, labeled CVE-2024-6077, stems from improper input validation, specifically when specially crafted packets are sent to the CIP security object. This vulnerability could lead to a denial-of-service (DoS) condition, making the affected device unavailable and requiring a factory reset to recover. The CVSS v4 score for this vulnerability is 8.7, indicating a high level of severity, though it is exploitable with low attack complexity.
The vulnerability impacts several versions of these controllers, including ControlLogix 5580, CompactLogix 5380, and CompactLogix 5480, with versions up to v32.011 being affected. When exploited, the flaw forces a device into a state of unavailability, requiring a factory reset for recovery. Rockwell Automation has provided updated versions, including v33.017 and later, that resolve this vulnerability. Users are urged to upgrade their systems to these versions to mitigate the risk of exploitation.
For users unable to perform upgrades, Rockwell Automation recommends disabling the CIP security feature or following other suggested security best practices to reduce the likelihood of exploitation. Additionally, CISA has issued guidance to minimize the risk of exploitation, advising that control systems be protected from internet exposure and placed behind firewalls. Secure methods of remote access, such as virtual private networks (VPNs), are also recommended, with the caveat that VPNs must be kept up to date and secure.
No known public exploitation of this vulnerability has been reported at the time of the advisory’s release. Rockwell Automation continues to offer mitigation strategies and urges affected users to follow the provided guidelines for securing their devices. CISA also encourages organizations to implement comprehensive cybersecurity strategies for the defense of critical infrastructure assets, with resources available to help with threat detection and response.
Reference:
