
PN1554 | CompactLogix 5370 and ControlLogix 5570 Controllers Vulnerable to Denial of Service Conditions due to Improper Input Validation

Severity: Medium
Advisory ID: PN1554
Published Date: February 07, 2023
Last Updated: February 07, 2023
Revision Number: 1.2
Known Exploited Vulnerability (KEV): No
Corrected: No
Workaround: No
CVE IDs: CVE-2020-6998

Summary
CompactLogix 5370 and ControlLogix 5570 Controllers Vulnerable to Denial of Service Conditions due to Improper Input Validation

Revision History
Revision Number: 1.2
Version 1.0 – March 2, 2021. Initial Release
Version 1.2 – February 7, 2023. Updated affected products and risk mitigations section

Executive Summary

CompactLogix™ 5370 and ControlLogix® 5570 Programmable Automation Controllers (PACs) contain a vulnerability in the connection establishment algorithm that could allow a remote, unauthenticated attacker to cause infinite wait times in communications with other products resulting in denial of service conditions. The Cybersecurity & Infrastructure Security Agency (CISA) reported this vulnerability to Rockwell Automation by way of an anonymous researcher.

Customers using the affected products are strongly encouraged to evaluate the mitigations provided below and apply the appropriate mitigations to their deployed products.

Affected Products

The following products are affected:
  • CompactLogix 5370
  • Compact GuardLogix 5370
  • ControlLogix 5570
  • ControlLogix 5570 redundancy
  • GuardLogix 5570

Vulnerability Details

CVE-2020-6998: Improper Input Validation Causes Denial of Service Condition
The connection establishment algorithm found in CompactLogix 5370 and ControlLogix 5570 does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP™ packet requests to a controller, which may cause denial of service conditions in communications with other products.

CVSS v3.1 Base Score: 5.8/10 [MEDIUM]
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Risk Mitigation & User Action

Customers using the affected products are encouraged to update to an available firmware version that addresses the associated risk. Customers who are unable to update are directed towards risk mitigation strategies provided below and are encouraged, when possible, to combine these with the general security guidelines to employ multiple strategies simultaneously.

CVE-2020-6998
| Products Affected | First Known Version Affected | Corrected In |
|---|---|---|
| CompactLogix 5370, ControlLogix 5570, GuardLogix 5570 | 20.011 | 33.011 and later |
| Compact GuardLogix 5370 | 28.011 | 33.011 and later |
| ControlLogix 5570 Redundancy | 20.054 | 33.051 and later |

General Security Guidelines

Network-based Vulnerability Mitigations for Embedded Products
  • Consult the product documentation for specific features, such as a hardware mode switch setting, which may be used to block unauthorized changes, etc.
  • Block all traffic to EtherNet/IP™ or other CIP™ protocol-based devices from outside the Manufacturing Zone by blocking or restricting access to TCP and UDP Port# 2222 and Port# 44818 using proper network infrastructure controls, such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell Automation Products, see Knowledgebase Article BF7490 - TCP/UDP Ports Used by Rockwell Automation Products.
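
The port-blocking guidance above can be checked against firewall flow logs. The following is an added example, not part of the Rockwell Automation advisory: it flags allowed TCP/UDP flows to ports 2222 and 44818 on controllers when the source lies outside the Manufacturing Zone. The zone and controller subnets, the CSV log layout and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Ports the advisory says to block from outside the Manufacturing Zone.
CIP_PORTS = {2222, 44818}
CIP_PROTOCOLS = {"tcp", "udp"}

# Assumed site addressing (constructed): replace with your own zone definitions.
MANUFACTURING_ZONE = [ipaddress.ip_network("10.20.0.0/16")]
CONTROLLERS = [ipaddress.ip_network("10.20.30.0/24")]

# Constructed firewall flow export (assumed layout): src,dst,proto,dport,action
SAMPLE_FLOWS = """\
src,dst,proto,dport,action
10.20.30.5,10.20.30.10,tcp,44818,allow
192.168.50.7,10.20.30.10,tcp,44818,allow
192.168.50.7,10.20.30.10,udp,2222,deny
172.16.4.9,10.20.30.11,UDP,2222,allow
10.20.99.4,10.20.30.10,tcp,443,allow
not-an-ip,10.20.30.10,tcp,44818,allow
"""

def in_any(addr, networks):
    return any(addr in net for net in networks)

def audit_flows(text):
    """Return (violations, skipped): allowed CIP flows into controllers from
    outside the Manufacturing Zone, and rows that could not be parsed."""
    violations, skipped = [], []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            src = ipaddress.ip_address(row["src"].strip())
            dst = ipaddress.ip_address(row["dst"].strip())
            proto, dport = row["proto"].strip().lower(), int(row["dport"])
            allowed = row["action"].strip().lower() == "allow"
        except (ValueError, TypeError, KeyError, AttributeError):
            skipped.append(row)  # keep malformed rows visible for review
            continue
        on_cip = proto in CIP_PROTOCOLS and dport in CIP_PORTS and in_any(dst, CONTROLLERS)
        # Traffic that stays inside the zone is expected; denied flows are already blocked.
        if on_cip and allowed and not in_any(src, MANUFACTURING_ZONE):
            violations.append((str(src), str(dst), proto, dport))
    return violations, skipped

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS)[0]:
        print("ALLOWED from outside zone:", *v)
```

Any row reported here points to a firewall rule that still permits EtherNet/IP or CIP traffic across the zone boundary and should be reviewed.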

General Mitigations
  • Locate control system networks and devices behind firewalls and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

For further information on the Vulnerability Handling Process for Rockwell Automation, please refer to our Product Security Incident Response FAQ document.

Refer to our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.

Refer to the Network Services Overview Page for information on network and security services for Rockwell Automation to enable assessment, design, implementation and management of validated, secure network architectures.

We also recommend that concerned customers continue to monitor this advisory by subscribing to updates on the Security Advisory Index for Rockwell Automation, located at: PN1354 - Industrial Security Advisory Index.

Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site.

Requests for additional information can be sent to the RASecure Inbox (rasecure@ra.rockwell.com).



ADDITIONAL LINKS
  • PN1354 - Industrial Security Advisory Index
  • Industrial Firewalls within a CPwE Architecture
  • Deploying Industrial Firewalls within a CPwE Architecture Design and Implementation Guide
  • ICSA-21-061-02

Copyright ©2022 Rockwell Automation, Inc.