1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Rockwell Automation
- Equipment: ControlLogix
- Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to send a specially crafted CIP message and cause a denial-of-service condition on the affected device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Rockwell Automation products are affected:
- ControlLogix 5580: Versions prior to V33.017, V34.014, V35.013, V36.011
- ControlLogix 5580 Process: Versions prior to V33.017, V34.014, V35.013, V36.011
- GuardLogix 5580: Versions prior to V33.017, V34.014, V35.013, V36.011
- CompactLogix 5380: Versions prior to V33.017, V34.014, V35.013, V36.011
- Compact GuardLogix 5380 SIL 2: Versions prior to V33.017, V34.014, V35.013, V36.011
- Compact GuardLogix 5380 SIL 3: Versions prior to V33.017, V34.014, V35.013, V36.011
- CompactLogix 5480: Versions prior to V33.017, V34.014, V35.013, V36.011
- FactoryTalk Logix Echo: Versions prior to V33.017, V34.014, V35.013, V36.011
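The version thresholds above are the same across all eight products, so the practical check is whether a controller's firmware revision is earlier than the fixed revision on its own track (V33, V34, V35 or V36). The following added example, written for this page and not taken from the advisory or from Rockwell Automation, does that triage over a constructed asset inventory. It assumes firmware revisions are written as `Vmm.nnn` (major.minor); the advisory lists no fixed revision for tracks older than V33, and the example treats those as affected, which is labelled as an assumption in the code.

```python
import re

# Fixed revisions from section 3.1, keyed by firmware track (major version).
FIXED_VERSIONS = {33: (33, 17), 34: (34, 14), 35: (35, 13), 36: (36, 11)}

# Product names exactly as listed in section 3.1.
AFFECTED_PRODUCTS = {
    "ControlLogix 5580",
    "ControlLogix 5580 Process",
    "GuardLogix 5580",
    "CompactLogix 5380",
    "Compact GuardLogix 5380 SIL 2",
    "Compact GuardLogix 5380 SIL 3",
    "CompactLogix 5480",
    "FactoryTalk Logix Echo",
}

# Accepts "V34.014", "v34.014" or "34.014"; the leading V is optional.
VERSION_RE = re.compile(r"^[Vv]?(\d+)\.(\d+)$")


def parse_version(text):
    """Turn a 'Vmm.nnn' revision string into a comparable (major, minor) tuple."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware revision: {text!r}")
    return int(match.group(1)), int(match.group(2))


def classify(product, version):
    """Classify one device against the advisory.

    Returns one of:
      'not-listed'    - product is not in the affected-products list
      'affected'      - revision is earlier than the fix on its track
      'fixed'         - revision is at or above the fix on its track
      'unknown-track' - track newer than any the advisory mentions
    """
    if product not in AFFECTED_PRODUCTS:
        return "not-listed"
    major, minor = parse_version(version)
    fixed = FIXED_VERSIONS.get(major)
    if fixed is not None:
        return "affected" if (major, minor) < fixed else "fixed"
    if major < min(FIXED_VERSIONS):
        # Assumption: the advisory names no fix for tracks before V33,
        # so anything older than the oldest fixed track is treated as affected.
        return "affected"
    # Tracks newer than V36 are outside the advisory's stated scope.
    return "unknown-track"


def triage(inventory):
    """Return (product, version, status) for every (product, version) pair."""
    return [(product, version, classify(product, version)) for product, version in inventory]


def affected_devices(inventory):
    """Return just the devices that still need the firmware update."""
    return [(p, v) for p, v, status in triage(inventory) if status == "affected"]


# Constructed sample inventory; these are not real devices or real data.
SAMPLE_INVENTORY = [
    ("ControlLogix 5580", "V34.010"),
    ("ControlLogix 5580", "V34.014"),
    ("GuardLogix 5580", "V36.011"),
    ("CompactLogix 5380", "V33.016"),
    ("CompactLogix 5380", "V32.015"),
    ("FactoryTalk Logix Echo", "V37.001"),
    ("ControlLogix 5570", "V30.014"),
]

if __name__ == "__main__":
    for product, version, status in triage(SAMPLE_INVENTORY):
        print(f"{product:32s} {version:8s} {status}")
```

Run it against an export of your asset inventory instead of `SAMPLE_INVENTORY`; any row reported as `affected` is a device that still needs one of the four fixed revisions, and `unknown-track` rows should be checked against a newer advisory rather than assumed safe.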
3.2 Vulnerability Overview
3.2.1 Improper Input Validation CWE-20
A denial-of-service vulnerability exists in the affected products: when the device receives an invalid CIP request, it enters a major nonrecoverable fault (MNRF). To exploit this vulnerability, a malicious user must chain it with CVE-2021-22681 and send a specially crafted CIP message to the device. If exploited, a threat actor could prevent legitimate users from accessing the device and end its connections to connected devices, including the workstation. To recover the controllers, a download is required, which ends any process the controller is running.