PatchSiren cyber security CVE debrief

CVE-2024-12372 Rockwell Automation CVE debrief

A critical heap corruption vulnerability in Rockwell Automation PowerMonitor 1000 devices enables remote attackers to execute code or cause denial-of-service conditions. The vulnerability stems from improper memory handling that corrupts heap memory, potentially compromising system integrity. CISA published this advisory on December 17, 2024, with a CVSS 3.1 score of 9.8 (Critical). Fourteen product variants are affected; all require a firmware upgrade to version 4.020 or later.

Vendor: Rockwell Automation
Product: PM1k 1408-BC3A-485
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-12-17
Original CVE updated: 2024-12-17
Advisory published: 2024-12-17
Advisory updated: 2024-12-17

Who should care

Organizations operating Rockwell Automation PowerMonitor 1000 series power monitoring devices in industrial environments, including manufacturing facilities, utilities, and critical infrastructure operators. It also concerns asset owners with OT/ICS networks in which these devices provide electrical monitoring and control functions.

Technical summary

The vulnerability exists in the heap memory management of affected PowerMonitor 1000 firmware versions prior to 4.020. The attack vector is network-accessible and requires neither authentication nor user interaction, so exploitation is possible remotely. Successful exploitation corrupts heap memory structures, potentially leading to arbitrary code execution with device-level privileges or to a system crash. The attack surface is exposed through network services on affected devices.

Defensive priority: Critical

Recommended defensive actions

  • Upgrade affected PowerMonitor 1000 devices to firmware version 4.020 or later immediately
  • If immediate patching is not feasible, apply CISA ICS recommended practices for network segmentation and access control
  • Monitor for anomalous network traffic to affected devices
  • Review Rockwell Automation security advisory for additional vendor-specific guidance

Evidence notes

Source: CISA CSAF advisory ICSA-24-352-03. CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Affected products confirmed via CSAF product tree with 14 distinct PM1k variants. Remediation guidance specifies firmware 4.020 as corrected version.
