Vulnerability Analysis and Mitigation Strategies for Rockwell Automation

Vulnerability Overview for Rockwell Automation

The vulnerability overview for Rockwell Automation ControlLogix & GuardLogix involves improper input validation, specifically a malformed fragmented packet type, which can result in a major nonrecoverable fault (MNRF), rendering the affected product unavailable and necessitating a manual restart.

This vulnerability (CVE-2024-3493) has a CVSS v3.1 base score of 8.6 & a CVSS v4 score of 9.2.

Mitigation Techniques

To address this vulnerability, Rockwell Automation has issued product upgrades that users should implement:

  • ControlLogix 5580: Update to version V35.013 or V36.011
  • GuardLogix 5580: Update to version V35.013 or V36.011
  • CompactLogix 5380: Update to version V35.013 or V36.011
  • 1756-EN4TR: Update to version V6.001

Furthermore, to reduce the risk of exploitation, users should take defensive measures such as limiting network exposure, utilizing firewalls to isolate control system networks, using secure remote access methods such as Virtual Private Networks (VPNs), as well as ensuring VPNs are up to date.

Organizations are also encouraged to conduct impact assessments, implement recommended cybersecurity procedures, and contact CISA for more information & reporting of any suspicious activity.

Reference

Security Advisories | Rockwell Automation

You can also follow us on AutomationForum.co, Facebook and Linkedin to receive daily Instrumentation updates.

You can also follow us on ForumElectrical.com, Facebook and Linkedin to receive daily Electrical updates.