ICSA-24-163-01
Published 2024-06-11
Rockwell Automation ControlLogix, GuardLogix, and CompactLogix
CVSS 7.4 (HIGH)
Risk Summary
Successful exploitation of this vulnerability could compromise the availability of the device.
CVEs (1)
Remediations
- Rockwell Automation offers users the following solutions:
- ControlLogix 5580: corrected in V34.014, V35.013, V36.011 and later
- GuardLogix 5580: corrected in V34.014, V35.013, V36.011 and later
- 1756-EN4: corrected in V6.001 and later
- CompactLogix 5380: corrected in V34.014, V35.013, V36.011 and later
- Compact GuardLogix 5380: corrected in V34.014, V35.013, V36.011 and later
- CompactLogix 5480: corrected in V34.014, V35.013, V36.011 and later
- Rockwell Automation encourages users of the affected software who are not able to upgrade to one of the corrected versions to apply the risk mitigations where possible.
- Users who do not use Automatic Policy Deployment (APD) should block mDNS port 5353 to help prevent communication.
- Enable CIP Security (see "CIP Security with Rockwell Automation Products Application Technique").
- Follow Security Best Practices.
- For more information, see Rockwell Automation's security advisory
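The corrected versions above are listed per major release train, so an inventory check has to compare each asset against the fix for its own train rather than against one threshold. The following is an added example, not code from Rockwell Automation or CISA; the asset names and sample inventory are constructed, and treating release trains newer than those listed as corrected is an assumption based on the "and later" wording.

```python
import re

# First corrected revision per major release train, from the remediation list above.
LOGIX_FIXES = {34: 14, 35: 13, 36: 11}   # V34.014, V35.013, V36.011
CORRECTED = {
    "ControlLogix 5580": LOGIX_FIXES,
    "GuardLogix 5580": LOGIX_FIXES,
    "CompactLogix 5380": LOGIX_FIXES,
    "Compact GuardLogix 5380": LOGIX_FIXES,
    "CompactLogix 5480": LOGIX_FIXES,
    "1756-EN4": {6: 1},                   # V6.001
}

def parse_version(text):
    """Turn 'V34.011' into (34, 11)."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def status(product, version):
    """Classify one asset against the corrected versions in the advisory."""
    fixes = CORRECTED.get(product)
    if fixes is None:
        return "not-in-advisory"
    major, minor = parse_version(version)
    if major in fixes:
        # Same train: compare against that train's own fix, so V35.012
        # is not treated as fixed just because it is "newer" than V34.014.
        return "corrected" if minor >= fixes[major] else "not-corrected"
    # Assumption: "and later" covers trains above the newest listed one.
    # Anything else has no corrected release listed at or below it.
    return "corrected" if major > max(fixes) else "not-corrected"

def audit(inventory):
    """Return (name, product, version) for every asset still needing an update."""
    return [row for row in inventory if status(row[1], row[2]) == "not-corrected"]

# Constructed sample inventory (hypothetical asset names).
SAMPLE = [
    ("line1-plc", "ControlLogix 5580", "V34.011"),
    ("line2-plc", "CompactLogix 5380", "V35.012"),
    ("line3-plc", "GuardLogix 5580", "V36.011"),
    ("rack4-enet", "1756-EN4", "V4.001"),
    ("hmi-panel", "Example HMI", "V12.000"),
]

if __name__ == "__main__":
    for name, product, version in audit(SAMPLE):
        print(f"{name}: {product} {version} is below the corrected revision")
```

A "not-corrected" result means the advisory lists no corrected release at or below that version; it does not by itself confirm that the version is affected.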
Affected Vendors
Rockwell Automation
Affected Products (6)
- Rockwell Automation ControlLogix 5580: V34.011
- Rockwell Automation GuardLogix 5580: V34.011
- Rockwell Automation 1756-EN4: V4.001
- Rockwell Automation CompactLogix 5380: V34.011
- Rockwell Automation Compact GuardLogix 5380: V34.011
- Rockwell Automation CompactLogix 5480: V34.011
Affected Sectors
Critical Manufacturing