CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-20
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1707.html