PT-2021-2365 · Rockwell Automation · Compactlogix 5370+7
Published 2021-03-02 · Updated 2022-08-04 · CVE-2020-6998
CVSS v3.1: 8.6 High
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Rockwell Automation CompactLogix 5370 versions prior to 34
Rockwell Automation ControlLogix 5570 versions prior to 34
Rockwell Automation CompactLogix 5370 L1 versions prior to 34
Rockwell Automation CompactLogix 5370 L2 versions prior to 34
Rockwell Automation CompactLogix 5370 L3 versions prior to 34
Rockwell Automation Compact GuardLogix 5370 versions prior to 34
Rockwell Automation GuardLogix 5370 versions prior to 34
Rockwell Automation Compact GuardLogix versions prior to 34
Description
The connection establishment algorithm in the affected products does not properly manage its control flow during execution, which creates an infinite loop. An attacker can exploit this issue by sending specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.
Recommendations
For Rockwell Automation CompactLogix 5370 versions prior to 34, update to version 34 or later.
For Rockwell Automation ControlLogix 5570 versions prior to 34, update to version 34 or later.
For Rockwell Automation CompactLogix 5370 L1 versions prior to 34, update to version 34 or later.
For Rockwell Automation CompactLogix 5370 L2 versions prior to 34, update to version 34 or later.
For Rockwell Automation CompactLogix 5370 L3 versions prior to 34, update to version 34 or later.
For Rockwell Automation Compact GuardLogix 5370 versions prior to 34, update to version 34 or later.
For Rockwell Automation GuardLogix 5370 versions prior to 34, update to version 34 or later.
For Rockwell Automation Compact GuardLogix versions prior to 34, update to version 34 or later.
Fix
Infinite Loop
RCE
Related Identifiers
Affected Products
Compact Guardlogix
Compact Guardlogix 5370
Compactlogix 5370
Compactlogix 5370 L1
Compactlogix 5370 L2
Compactlogix 5370 L3
Controllogix 5570
Guardlogix 5370