Rockwell Automation ControlLogix Improper Input Validation (CVE-2024-6207)

high Tenable OT Security Plugin ID 502648

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A denial-of-service vulnerability exists in the affected products that causes the device to enter a major nonrecoverable fault (MNRF) when it receives an invalid CIP request. To exploit this vulnerability, a malicious user must chain this exploit with CVE-2021-22681 and send a specially crafted CIP message to the device.

If exploited, a threat actor could prevent legitimate users from accessing the device and end connections to connected devices, including the workstation. To recover the controllers, a download is required, which ends any process that the controller is running.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Rockwell Automation recommends users update to V33.017, V34.014, V35.013, or V36.011.

Additionally, Rockwell Automation encourages users to apply security best practices to minimize the risk of vulnerability.

- Security Best Practices

For more information about this issue, please see the advisory on the Rockwell Automation security page.

See Also

http://www.nessus.org/u?fdd32ab4

https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-20

Plugin Details

Severity: High

ID: 502648

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 10/21/2024

Updated: 12/12/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2024-6207

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE:

- cpe:/o:rockwellautomation:compactlogix_5480_firmware:35
- cpe:/o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:34
- cpe:/o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:35
- cpe:/o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:34
- cpe:/o:rockwellautomation:controllogix_5580_firmware:33
- cpe:/o:rockwellautomation:guardlogix_5580_firmware:35
- cpe:/o:rockwellautomation:guardlogix_5580_firmware:34
- cpe:/o:rockwellautomation:compactlogix_5380_firmware:35
- cpe:/o:rockwellautomation:compactlogix_5480_firmware:33
- cpe:/o:rockwellautomation:controllogix_5580_firmware:34
- cpe:/o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:35
- cpe:/o:rockwellautomation:controllogix_5580_process_firmware:33
- cpe:/o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:33
- cpe:/o:rockwellautomation:controllogix_5580_process_firmware:35
- cpe:/o:rockwellautomation:compactlogix_5480_firmware:34
- cpe:/o:rockwellautomation:compactlogix_5380_firmware:34
- cpe:/o:rockwellautomation:controllogix_5580_process_firmware:34
- cpe:/o:rockwellautomation:guardlogix_5580_firmware:33
- cpe:/o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:33
- cpe:/o:rockwellautomation:controllogix_5580_firmware:35
- cpe:/o:rockwellautomation:compactlogix_5380_firmware:33

Required KB Items: Tenable.ot/Rockwell

Exploit Ease: No known exploits are available

Patch Publication Date: 10/14/2024

Vulnerability Publication Date: 10/14/2024

Reference Information

CVE: CVE-2024-6207

CWE: 20

ICSA: 24-284-20