Executive Summary

This vulnerability affects Rockwell Automation's CompactLogix 5480 controllers running specific software versions on Windows 10 IoT Enterprise. An attacker with physical access can exploit the controller's maintenance menu by using a specially crafted payload, which leads to arbitrary code execution. Essentially, the attacker can run unauthorized code on the device due to missing authentication for critical functions. [1]

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability allows an attacker with physical access to execute arbitrary code on the affected controller. This could lead to unauthorized control or manipulation of the device, potentially disrupting operations or causing unsafe conditions in environments relying on these controllers. [1]

Useful 0 Not Useful 0

Detection Guidance

Detection of this vulnerability involves identifying affected Rockwell Automation CompactLogix 5480 controllers running software versions 32 through 37.011 with the Windows package (2.1.0) on Windows 10 version 1607. Since the vulnerability requires physical access and exploitation of the maintenance menu with a crafted payload, network-based detection commands are not specified. Users should verify device catalog numbers (5069-L430ERMW, 5069-L450ERMW, 5069-4100ERMW, 5069-L4200ERMW, 5069-L46ERMW) and software versions to assess exposure. No specific detection commands are provided in the resources. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting physical access to affected controllers to prevent exploitation via the maintenance menu. Since no software fix is currently available, users should follow Rockwell Automation’s system security design guidelines and best security practices. Contacting Rockwell Automation TechConnect for support and guidance is also recommended. [1]

Useful 0 Not Useful 0