PT-2017-16840 · Rockwell Automation · CompactLogix 5380 +1

Published: 2017-05-06 · Updated: 2022-03-23 · CVE-2017-6024

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Rockwell Automation ControlLogix 5580 controllers versions V28.011 through V28.013
Rockwell Automation ControlLogix 5580 controllers version V29.011
Rockwell Automation CompactLogix 5380 controllers version V28.011
Rockwell Automation CompactLogix 5380 controllers version V29.011

Description

A Resource Exhaustion issue may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.

Recommendations

For Rockwell Automation ControlLogix 5580 controllers versions V28.011 through V28.013, update to a version that includes a fix for this issue.
For Rockwell Automation ControlLogix 5580 controllers version V29.011, update to a version that includes a fix for this issue.
For Rockwell Automation CompactLogix 5380 controllers version V28.011, update to a version that includes a fix for this issue.
For Rockwell Automation CompactLogix 5380 controllers version V29.011, update to a version that includes a fix for this issue.

As a temporary workaround, consider restricting access to the CIP-based commands to minimize the risk of exploitation.

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2017-6024

Affected Products

CompactLogix 5380
ControlLogix 5580