Executive Summary

This vulnerability is a denial-of-service (DoS) issue in the Rockwell Automation Compact GuardLogix 5370 programmable automation controller. It occurs when a specially crafted CIP (Common Industrial Protocol) unconnected explicit message is sent to the device, triggering a major non-recoverable fault (MNRF) that causes the system to stop functioning properly and not recover. [1]

Useful 0 Not Useful 0

Impact Analysis

The impact of this vulnerability is that it can cause the affected controller to experience a major non-recoverable fault, resulting in the system stopping its operation and not recovering. This denial-of-service condition can disrupt industrial automation processes that rely on the controller, potentially leading to operational downtime and loss of control over safety and motion functions. [1]

Useful 0 Not Useful 0

Detection Guidance

Detection of this vulnerability involves monitoring for specially crafted CIP unconnected explicit messages sent to the affected Rockwell Automation Compact GuardLogix 5370 controllers (version 30.012 and earlier). Network traffic analysis tools can be used to inspect EtherNet/IP traffic for unusual or malformed CIP messages. Specific commands are not provided in the available resources. Users should monitor for system crashes or major non-recoverable faults (MNRF) on the device, which indicate exploitation attempts. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the affected Rockwell Automation Compact GuardLogix 5370 controller software to version 30.14 or later, where the vulnerability has been corrected. If upgrading immediately is not possible, users should follow Rockwell Automation's security best practices to reduce exposure. No workaround is available. Additionally, subscribing to Rockwell Automation security alerts and reviewing vulnerability policies is recommended. [1]

Useful 0 Not Useful 0