ICSA-22-144-01  ·  Published 2022-05-24

Rockwell Automation Logix Controllers

CVSS 6.8 MEDIUM

Risk Summary

Successful exploitation of this vulnerability may allow an unauthorized user to send malicious messages to the targeted device, which could lead to a denial-of-service condition.

CVEs (1)

Remediations

  • Rockwell Automation recommends users update to the latest firmware version to mitigate this vulnerability. Users are directed to the risk mitigations provided below and are encouraged, where possible, to combine them with the general security guidelines below so that multiple strategies are employed simultaneously. Users should go to Rockwell Automation's Product Compatibility & Download Center to download the latest firmware.
  • CompactLogix 5380, Compact GuardLogix 5380, CompactLogix 5480, ControlLogix 5580, GuardLogix 5580: Upgrade to v33.011 firmware
  • CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, GuardLogix 5570: Upgrade to v34.011 firmware
  • Use of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with products from Rockwell Automation is available in Knowledgebase article QA17329.
  • Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.
  • Use trusted software, software patches, antivirus/antimalware programs and interact only with trusted websites and attachments.
  • Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, see Knowledgebase article PN715.
  • Locate control system networks and devices behind firewalls and isolate them from the business network.
  • When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as connected devices.
  • Please see Rockwell Automation's security advisory PN1596 for more information.

Affected Vendors

Rockwell Automation

Affected Products (9)

Rockwell Automation · Compact GuardLogix 5370 controllers <= 33.013
Rockwell Automation · Compact GuardLogix 5380 controllers <= 32.013
Rockwell Automation · CompactLogix 5370 controllers <= 33.013
Rockwell Automation · CompactLogix 5380 controllers <= 32.013
Rockwell Automation · CompactLogix 5480 controllers <= 32.013
Rockwell Automation · ControlLogix 5570 controllers <= 33.013
Rockwell Automation · ControlLogix 5580 controllers <= 32.013
Rockwell Automation · GuardLogix 5570 controllers <= 33.013
Rockwell Automation · GuardLogix 5580 controllers <= 32.013
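
An added example, not part of the advisory or of Rockwell Automation's tooling: a Python check that compares an asset inventory against the affected-version ceilings and fixed firmware versions listed in this advisory. The inventory rows and tag names are constructed, and comparing revisions numerically as major.minor is an assumption.

```python
import re

# Ceilings and fixed versions transcribed from this advisory (ICSA-22-144-01).
AFFECTED = {}
for names, max_affected, fixed in (
    (("CompactLogix 5380", "Compact GuardLogix 5380", "CompactLogix 5480",
      "ControlLogix 5580", "GuardLogix 5580"), "32.013", "33.011"),
    (("CompactLogix 5370", "Compact GuardLogix 5370",
      "ControlLogix 5570", "GuardLogix 5570"), "33.013", "34.011"),
):
    for name in names:
        AFFECTED[name.lower()] = (max_affected, fixed)


def parse_version(text):
    """Return (major, minor) for strings like 'v33.011' or '32.13', else None."""
    m = re.fullmatch(r"\s*[vV]?(\d+)\.(\d+)\s*", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def assess(product, firmware):
    """Return (status, fixed_version); status is one of four labels used below."""
    key = re.sub(r"\s+", " ", product.lower().replace("controllers", "")).strip()
    if key not in AFFECTED:
        return "out_of_scope", None
    max_affected, fixed = AFFECTED[key]
    version = parse_version(firmware)
    if version is None:
        return "unknown_version", fixed  # cannot rule out exposure; verify on device
    if version <= parse_version(max_affected):
        return "affected", fixed
    return "not_affected", None


# Constructed sample inventory (not real asset data).
INVENTORY = [
    ("PLC-A", "ControlLogix 5580", "32.013"),
    ("PLC-B", "ControlLogix 5580", "v33.011"),
    ("PLC-C", "Compact GuardLogix 5370 controllers", "33.013"),
    ("PLC-D", "GuardLogix 5570", "34.011"),
    ("PLC-E", "CompactLogix 5480", ""),
    ("PLC-F", "MicroLogix 1400", "21.007"),
]

if __name__ == "__main__":
    for tag, product, firmware in INVENTORY:
        status, fixed = assess(product, firmware)
        note = f" -> upgrade to v{fixed}" if fixed else ""
        print(f"{tag:6} {product:38} {firmware or '?':8} {status}{note}")
```

Assets with a missing or unparseable revision are reported as `unknown_version` rather than cleared, so they stay on the list until the firmware is confirmed on the device.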

Affected Sectors

Multiple Sectors
