ICSA-24-107-03
·
Published 2024-05-09
·
View on CISA ICS-CERT ↗
Rockwell Automation ControlLogix and GuardLogix (Update A)
CVSS 8.6
HIGH
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to cause a major nonrecoverable fault (MNRF) resulting in the product to become unavailable.
CVEs (1)
Remediations
- Rockwell Automation has released product updates addressing this vulnerability:
- ControlLogix 5580: Update to version V35.013 or V36.011
- GuardLogix 5580: Update to version V35.013 or V36.011
- CompactLogix 5380: Update to version V35.013 or V36.011
- 1756-EN4TR: Update to version V6.001
- Compact GuardLogix 5380: Update to version V35.013, V36.011 and later
- ControlLogix 5580 Process: Update to version V35.013, V36.011 and later
- CompactLogix 5380 Process: Update to version V35.013, V36.011 and later
- CompactLogix 5480: Update to version V35.013, V36.011 and later
- For more information, see Rockwell Automation's security advisory (Login required).
Affected Vendors
Rockwell Automation
Affected Products (8)
Rockwell Automation
·
ControlLogix 5580
V35.011
Rockwell Automation
·
GuardLogix 5580
V35.011
Rockwell Automation
·
CompactLogix 5380
V35.011
Rockwell Automation
·
1756-EN4TR
V5.001
Rockwell Automation
·
Compact GuardLogix 5380
V35.011
Rockwell Automation
·
ControlLogix 5580 Process
V35.011
Rockwell Automation
·
CompactLogix 5380 Process
V35.011
Rockwell Automation
·
CompactLogix 5480
V35.011
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more