Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380 Improper Input Validation (CVE-2024-6077)

Severity: High | Tenable OT Security | Plugin ID 502389

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A denial-of-service vulnerability exists in the affected Rockwell Automation products when specially crafted packets are sent to the CIP Security Object. If exploited, the device will become unavailable and require a factory reset to recover.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Rockwell Automation has addressed the problem in the following versions:

- CompactLogix 5380: v33.017, v34.014, v35.013, v36.011 and later
- CompactLogix 5380 Process: v33.017, v34.014, v35.013, v36.011 and later
- Compact GuardLogix 5380 SIL 2: v33.017, v34.014, v35.013, v36.011 and later
- Compact GuardLogix 5380 SIL 3: v33.017, v34.014, v35.013, v36.011 and later
- CompactLogix 5480: v33.017, v34.014, v35.013, v36.011 and later
- ControlLogix 5580: v33.017, v34.014, v35.013, v36.011 and later
- ControlLogix 5580 Process: v33.017, v34.014, v35.013, v36.011 and later
- GuardLogix 5580: v33.017, v34.014, v35.013, v36.011 and later
- 1756-EN4: v6.001 and later

Rockwell Automation encourages users of the affected software who are not able to upgrade to one of the corrected versions above to apply the risk mitigation below:

- Users who do not wish to use CIP Security can disable the feature per device. See "Disable CIP Security" in Chapter 2 of "CIP Security with Rockwell Automation Products" (publication SECURE-AT001).

For information on how to mitigate security risks in industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices to minimize the risk of the vulnerability.

For more information, see Rockwell Automation's security advisory.

See Also

http://www.nessus.org/u?c84d07e1

https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-18

Plugin Details

Severity: High

ID: 502389

Version: 1.4

Type: remote

Family: Tenable.ot

Published: 9/23/2024

Updated: 12/18/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2024-6077

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:rockwellautomation:compact_guardlogix_5069-l340erms3, cpe:/o:rockwellautomation:1756-en4_firmware, cpe:/o:rockwellautomation:compact_guardlogix_5069-l310ers2, cpe:/o:rockwellautomation:controllogix_5580_firmware, cpe:/o:rockwellautomation:compactlogix_5380_firmware, cpe:/o:rockwellautomation:guardlogix_5580_firmware, cpe:/o:rockwellautomation:compact_guardlogix_5069-l350erms3, cpe:/o:rockwellautomation:compact_guardlogix_5069-l320ers2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l330erms2k, cpe:/o:rockwellautomation:compact_guardlogix_5069-l310ers2k, cpe:/o:rockwellautomation:compact_guardlogix_5069-l310erms2k, cpe:/o:rockwellautomation:compact_guardlogix_5069-l310erms3, cpe:/o:rockwellautomation:compact_guardlogix_5069-l350erms2k, cpe:/o:rockwellautomation:compact_guardlogix_5069-l340ers2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l350ers2k, cpe:/o:rockwellautomation:compact_guardlogix_5069-l306ers2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l350erms2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l320erms3k, cpe:/o:rockwellautomation:compact_guardlogix_5069-l380ers2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l310erms2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l380erms2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l3100erms3, cpe:/o:rockwellautomation:compact_guardlogix_5069-l350ers2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l310erms3k, cpe:/o:rockwellautomation:compact_guardlogix_5069-l330ers2k, cpe:/o:rockwellautomation:compact_guardlogix_5069-l320erms2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l350erms3k, cpe:/o:rockwellautomation:compact_guardlogix_5069-l320ers2k, cpe:/o:rockwellautomation:compact_guardlogix_5069-l306erms2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l3100erms2, cpe:/o:rockwellautomation:compactlogix_5480_firmware, cpe:/o:rockwellautomation:compact_guardlogix_5069-l3100ers2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l306erms3, 
cpe:/o:rockwellautomation:compact_guardlogix_5069-l330erms3k, cpe:/o:rockwellautomation:compact_guardlogix_5069-l320erms2k, cpe:/o:rockwellautomation:compact_guardlogix_5069-l380erms3, cpe:/o:rockwellautomation:compact_guardlogix_5069-l330erms3, cpe:/o:rockwellautomation:compact_guardlogix_5069-l330erms2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l320erms3, cpe:/o:rockwellautomation:compact_guardlogix_5069-l340erms2, cpe:/o:rockwellautomation:compact_guardlogix_5069-l330ers2

Required KB Items: Tenable.ot/Rockwell

Exploit Ease: No known exploits are available

Patch Publication Date: 9/12/2024

Vulnerability Publication Date: 9/12/2024

Reference Information

CVE: CVE-2024-6077

CWE: 20

ICSA: 24-256-18