The recent cybersecurity advisory from Rockwell Automation highlights a critical vulnerability affecting the 5015-AENFTXT ethernet/IP adapter. This vulnerability, categorized as “Improper Input Validation” (CWE-20), allows attackers to crash the device and impact system availability. Affected product versions range from v2.011 to v2.012.
Exploitation of this vulnerability results in a major nonrecoverable fault (MNRF) in the secondary adapter, requiring a manual restart of the device. Additionally, a malformed PTP packet is needed to trigger the exploit. CVE-2024-2424 has been assigned to this vulnerability, with a CVSS v4 score of 8.7, indicating a high severity level.
Rockwell Automation recommends updating affected devices to version v2.012 to mitigate the risk. However, users who cannot upgrade are advised to apply security best practices and minimize network exposure. This includes ensuring control system devices are not accessible from the internet, utilizing firewalls to isolate control system networks, and using secure remote access methods such as Virtual Private Networks (VPNs).
CISA echoes these recommendations and emphasizes the importance of performing impact analysis and risk assessment before deploying defensive measures. Proactive cybersecurity strategies, detailed in various resources available on the CISA website, are encouraged for the protection of industrial control system assets.
At present, there are no known public exploits targeting this vulnerability. Nevertheless, organizations are urged to remain vigilant and report any suspicious activity to CISA for further investigation.
