CVSS v2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS v3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Percentile: 23.6%
**ATTENTION:** Remotely exploitable.
Vendor: Rockwell Automation
Equipment: ControlLogix 5580 and CompactLogix 5380
Vulnerability: Resource Exhaustion
This advisory was originally posted to the NCCIC Portal on April 4, 2017, and is being released to the NCCIC/ICS-CERT web site.
The following versions of ControlLogix 5580 and CompactLogix 5380, programmable automation controllers, are affected:
Successful exploitation of this vulnerability could cause the device that the attacker is accessing to become unavailable.
Rockwell Automation recommends updating to the latest version of ControlLogix 5580 controllers, Version 30.011 or later, which is available at the following location:
<http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1756-L8&crumb=112>
Rockwell Automation recommends updating to the latest version of CompactLogix 5380 controllers, Version 30.011 or later, which is available at the following location:
<http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=5069-L&crumb=112>
For more information on this vulnerability and more detailed mitigation instructions, please see Rockwell Automation's advisory labeled ControlLogix 5580 and CompactLogix 5380 Programmable Automation Controller Denial of Service, Version 1.0, April 4, 2017, at the following location:
<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1041420>
As well as Rockwell Automation's security page:
<http://www.rockwellautomation.com/security/overview.page>
ICS-CERT and Rockwell Automation recommend that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/898270>
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B, Targeted Cyber Intrusion Detection and Mitigation Strategies, which is available for download from the ICS-CERT web site.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability. High skill level is needed to exploit.
This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.
CVE-2017-6024 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).
Critical Infrastructure Sectors: Critical Manufacturing, Food and Agriculture, Transportation Systems, and Water
**Countries/Areas Deployed:** Worldwide
Company Headquarters Location: Milwaukee, Wisconsin
References:
ControlLogix 5580 firmware download: <http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1756-L8&crumb=112>
CompactLogix 5380 firmware download: <http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=5069-L&crumb=112>
NVD entry for CVE-2017-6024: <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6024>
Rockwell Automation security page: <http://www.rockwellautomation.com/security/overview.page>
CWE-400 definition: <https://cwe.mitre.org/data/definitions/400.html>
Rockwell Automation advisory (Knowledgebase 1041420): <https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1041420>
Rockwell Automation security best practices (Knowledgebase 898270): <https://rockwellautomation.custhelp.com/app/answers/detail/a_id/898270>