Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380

Risk Summary

Successful exploitation of this vulnerability may cause the device to become unavailable and require a factory reset to recover.

CVEs (1)

Remediations

• Rockwell Automation has addressed the problem in the following versions:
• CompactLogix 5380: v33.017, v34.014, v35.013, v36.011 and later
• CompactLogix 5380 Process: v33.017, v34.014, v35.013, v36.011 and later
• Compact GuardLogix 5380 SIL 2: v33.017, v34.014, v35.013, v36.011 and later
• Compact GuardLogix 5380 SIL 3: v33.017, v34.014, v35.013, v36.011 and later
• CompactLogix 5480: v33.017, v34.014, v35.013, v36.011 and later
• ControlLogix 5580: v33.017, v34.014, v35.013, v36.011 and later
• ControlLogix 5580 Process: v33.017, v34.014, v35.013, v36.011 and later
• GuardLogix 5580: v33.017, v34.014, v35.013, v36.011 and later
• 1756-EN4: v6.001 and later
• Rockwell Automation encourages users of the affected software, who are not able to upgrade to one of the corrected versions above, to apply the risk mitigation below:
• Users who do not wish to use CIP security can disable the feature per device. See "Disable CIP Security" in Chapter 2 of "CIP Security with Rockwell Automation Products" (publication SECURE-AT001)
• For information on how to mitigate security risks in industrial automation control systems, Rockwell Automation encourages customers to implement their suggested security best practices to minimize the risk of the vulnerability.
• For more information, see Rockwell Automation's security advisory.

Affected Vendors

Affected Products (9)

Affected Sectors

Critical Manufacturing