Description
An unauthorized user could use a specially crafted sequence of EtherNet/IP messages, combined with heavy traffic loading, to cause a denial-of-service condition in Rockwell Automation Logix controllers, resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality: None
- Integrity: None
- Availability: High
Affected products
- Rockwell Automation / Compact GuardLogix 5380 – 31.011 and later
- Rockwell Automation / CompactLogix 5380 – 31.011 and later
- Rockwell Automation / CompactLogix® 5480 – 32.011 and later
- Rockwell Automation / ControlLogix® 5580 – 31.011 and later
- Rockwell Automation / GuardLogix 5580 – 31.011 and later