CVE-2024-6207

Summary

CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationControlLogix® 5580V28.011affected
Rockwell AutomationControlLogix® 5580 ProcessV33.011affected
Rockwell AutomationGuardLogix 5580V31.011affected
Rockwell AutomationCompactLogix 5380V28.011affected
Rockwell AutomationCompact GuardLogix 5380 SIL 2V31.011affected
Rockwell AutomationCompact GuardLogix 5380 SIL 3V32.013affected
Rockwell AutomationCompactLogix 5480V32.011affected
Rockwell AutomationFactoryTalk® Logix EchoV33.011affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References