Denial-of-service Vulnerability in ControlLogix® and GuardLogix® Controllers
Published Date: January 30, 2024
Last updated: 1.0
Revision Number: 1.0
CVSS Score: 8.6
AFFECTED PRODUCTS AND SOLUTION
Corrected in Firmware |
||
ControlLogix® 5570 |
20.011 |
v33.016, 34.013, 35.012, 36.011 and later |
GuardLogix® 5570 |
20.011 |
v33.016, 34.013, 35.012, 36.011 and later |
ControlLogix® 5570 Redundancy |
20.054_kit1 |
v33.053_kit1, 34.052_kit1, 35.052_kit1, 36.051_kit1 and later |
Mitigations and Workarounds
Customers using the affected software are encouraged to apply the risk mitigations, if possible. Additionally, we encourage customers to implement our suggested security best practices to minimize the risk of vulnerability.
VULNERABILITY DETAILS
Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.
CVE-2024 21916 IMPACT
A denial-of-service vulnerability exists in the affected products, listed above. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF .
CVSS Base Score: 8.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE: Improper Restriction of Operations within the Bounds of a Memory Buffer
Known Exploited Vulnerability (KEV) database: No
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
ADDITIONAL RESOURCES
