ICSA-24-226-10
·
Published 2024-08-13
·
View on CISA ICS-CERT ↗
Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, and Compact GuardLogix 5380
CVSS 8.6
HIGH
Risk Summary
Successful exploitation of this vulnerability could crash the device being accessed.
CVEs (1)
Remediations
- Rockwell Automation recommends the following actions:
- Update products to v36.011, v35.013, v34.014 or later.
- Restrict communication to CIP object 103 (0x67)
- For information on how to mitigate Security Risks on industrial automation control systems, Rockwell Automation encourages customers to implement their suggested security best practices to minimize the risk of the vulnerability.
Affected Vendors
Rockwell Automation
Affected Products (5)
Rockwell Automation
·
CompactLogix 5380 (5069 - L3z)
<v36.011_v35.013_v34.014
Rockwell Automation
·
CompactLogix 5480 (5069 - L4)
<v36.011_v35.013_v34.014
Rockwell Automation
·
ControlLogix 5580 (1756 - L8z)
<v36.011_v35.013_v34.014
Rockwell Automation
·
GuardLogix 5580 (1756 - L8z)
<v36.011_v35.013_v34.014
Rockwell Automation
·
Compact GuardLogix 5380 (5069 - L3zS2)
<v36.011_v35.013_v34.014
Affected Sectors
Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more