Description
A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault (MNRF). A program download is required to recover.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Confidentiality (Vulnerable System)
None
Integrity (Vulnerable System)
None
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
Affected products
- Rockwell Automation / CompactLogix, ControlLogixVersions prior to 34.016 – Versions prior to 34.016
- Rockwell Automation / CompactLogix, ControlLogixVersions prior to 35.015 – Versions prior to 35.015
- Rockwell Automation / CompactLogix, ControlLogixVersions prior to 36.012 – Versions prior to 36.012