Trevor Flynn

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ControlLogix versions (affected versions not specified) Rockwell Automation CompactLogix 5380 (affected versions not specified) Rockwell Automation Compact GuardLogix 5380 SIL 2 (affected versions not specified) Rockwell Automation Compact GuardLogix 5380 SIL 3 (affected versions not specified) Rockwell Automation CompactLogix 5480 (affected versions not specified) Rockwell Automation FactoryTalk Logix Echo (affected versions not specified) Description: The issue is related to errors in processing input data in the CIP Message Handler component of Rockwell Automation programmable logic controllers. Exploitation of this issue could allow a remote attacker to cause a denial of service, disrupting access to legitimate users and ending connections to connected devices, including workstations. To recover the controllers, a download is required, which ends any process that the controller is running. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.