Description
A denial-of-service vulnerability exists in the affected Rockwell Automation products when specially crafted packets are sent to the CIP Security Object. If exploited, the device becomes unavailable and requires a factory reset to recover.
CVSS breakdown
CVSS 4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Confidentiality (Vulnerable System): None
- Integrity (Vulnerable System): None
- Availability (Vulnerable System): High
- Confidentiality (Subsequent System): None
- Integrity (Subsequent System): None
- Availability (Subsequent System): None
Affected products
- Rockwell Automation / 1756-EN4: v2.001 – v2.001
- Rockwell Automation / Compact GuardLogix 5380 SIL 2: v.32.013 – v.32.013
- Rockwell Automation / Compact GuardLogix 5380 SIL 3: v.32.011 – v.32.011
- Rockwell Automation / CompactLogix 5380: v.32.011 – v.32.011
- Rockwell Automation / CompactLogix 5380 Process: v.33.011 – v.33.011
- Rockwell Automation / CompactLogix® 5480: v.32.011 – v.32.011
- Rockwell Automation / ControlLogix® 5580: v.32.011 – v.32.011
- Rockwell Automation / ControlLogix® 5580 Process: v.33.011 – v.33.011
- Rockwell Automation / GuardLogix 5580: v.32.011 – v.32.011