CVE-2024-7507

Name of the Vulnerable Software and Affected Versions: Rockwell Automation CompactLogix versions (affected versions not specified) Rockwell Automation ControlLogix versions (affected versions not specified) Rockwell Automation GuardLogix versions (affected versions not specified)

Description: A denial-of-service issue exists in the affected products. This issue occurs when a malformed PCCC message is received, causing a fault in the controller. The vulnerability is related to errors in processing input data, which can be exploited by a remote attacker to cause a denial of service.

Recommendations: For Rockwell Automation CompactLogix, consider disabling the PCCC message handler as a temporary workaround until a patch is available. For Rockwell Automation ControlLogix, restrict access to the controller to minimize the risk of exploitation until a fix is applied. For Rockwell Automation GuardLogix, avoid using the vulnerable PCCC protocol in the affected components until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.