PatchSiren cyber security CVE debrief
CVE-2024-22019 Rockwell Automation CVE debrief
Rockwell Automation FactoryTalk Policy Manager is affected by CVE-2024-22019, a network-reachable denial-of-service issue in Node.js HTTP server handling of chunked encoding. According to the CISA CSAF advisory, a specially crafted HTTP request can cause the server to read an unbounded number of bytes from a single connection via chunk extension processing, which can exhaust CPU and network bandwidth and bypass common safeguards such as timeouts and body-size limits. Rockwell Automation states the issue is corrected in software Version 6.60.00 and later. The supplied corpus does not indicate KEV listing, known ransomware use, or exploit details beyond the advisory description, so the main defensive focus should be prompt patching and limiting exposure of the affected service.
- Vendor: Rockwell Automation
- Product: FactoryTalk Policy Manager
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-11-13
- Original CVE updated: 2025-11-13
- Advisory published: 2025-11-13
- Advisory updated: 2025-11-13
Who should care
Industrial control system defenders, Rockwell Automation FactoryTalk Policy Manager administrators, OT security teams, and anyone responsible for exposed or broadly reachable Node.js-based management services in industrial environments.
Technical summary
CVE-2024-22019 is a denial-of-service vulnerability with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue is described as an unbounded-read condition in chunked HTTP request processing, where a crafted request can drive resource exhaustion on a single connection. The impact is availability-only, but the attack is reachable over the network and requires no privileges or user interaction.
Defensive priority
High: the issue is network-reachable, requires no authentication, and can exhaust service resources. Prioritize upgrading exposed or business-critical FactoryTalk Policy Manager deployments.
Recommended defensive actions
- Upgrade Rockwell Automation FactoryTalk Policy Manager to Version 6.60.00 or later, as stated in the advisory.
- If you cannot upgrade immediately, follow Rockwell Automation security best practices and contact TechConnect for guidance.
- Reduce exposure of the affected service by limiting access to trusted administrators and networks only.
- Monitor the service for unusual resource exhaustion or repeated HTTP chunked-transfer traffic that could indicate abuse of the affected code path.
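The monitoring action above can be made concrete with a small log-review script. The following Python example is added here and is not code from Rockwell Automation, CISA or the Node.js project; it assumes a hypothetical access-log format (Apache combined style with one extra quoted field carrying the request's Transfer-Encoding header, "-" when absent) and uses constructed sample lines. It counts chunked-transfer requests per source address and flags sources that exceed a threshold, which is the kind of repeated-chunked-traffic signal the advisory-driven monitoring recommendation calls for; the threshold and window are tuning assumptions, not values from the advisory.

```python
"""Flag sources sending repeated chunked-transfer requests in an access log.

Added example for CVE-2024-22019 monitoring; the log format and sample
lines below are constructed assumptions, not FactoryTalk Policy Manager's
own logging.
"""
import re
from collections import Counter

# Constructed sample access-log lines. Format: Apache combined-style fields,
# then one extra quoted field with the request's Transfer-Encoding value
# ("-" when the header was absent).
SAMPLE_LOG = """\
10.0.0.5 - - [13/Nov/2025:10:00:01 +0000] "POST /api/policy HTTP/1.1" 200 512 "chunked"
192.168.1.20 - - [13/Nov/2025:10:00:01 +0000] "GET /login HTTP/1.1" 200 2048 "-"
10.0.0.5 - - [13/Nov/2025:10:00:02 +0000] "POST /api/policy HTTP/1.1" 200 0 "chunked"
10.0.0.9 - - [13/Nov/2025:10:00:02 +0000] "POST /api/upload HTTP/1.1" 201 128 "chunked"
10.0.0.5 - - [13/Nov/2025:10:00:03 +0000] "POST /api/policy HTTP/1.1" 408 0 "chunked"
192.168.1.20 - - [13/Nov/2025:10:00:04 +0000] "GET /dashboard HTTP/1.1" 200 4096 "-"
10.0.0.5 - - [13/Nov/2025:10:00:04 +0000] "POST /api/policy HTTP/1.1" 200 0 "chunked"
"""

# One regex for the assumed log format; a line that does not match is skipped.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<te>[^"]*)"$'
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Treat any Transfer-Encoding value containing "chunked" as a chunked request.
    rec["chunked"] = "chunked" in rec["te"].lower()
    return rec


def chunked_requests_by_source(log_text):
    """Count requests per source address that used chunked transfer encoding."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["chunked"]:
            counts[rec["src"]] += 1
    return counts


def flag_sources(log_text, threshold=3):
    """Return [(source, count)] for sources at or above threshold, highest count first.

    The threshold is a tuning assumption; pick it from a baseline of normal
    chunked traffic to the management service rather than from this example.
    """
    counts = chunked_requests_by_source(log_text)
    flagged = [(src, n) for src, n in counts.items() if n >= threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for src, n in flag_sources(SAMPLE_LOG):
        print(f"review source {src}: {n} chunked-transfer requests in log window")
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents, and pair a flagged source with host-level CPU and network-throughput metrics for the same window, since the advisory describes exhaustion of those resources rather than a distinctive response code.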
Evidence notes
Source evidence comes from the CISA CSAF advisory ICSA-25-317-09 for Rockwell Automation FactoryTalk Policy Manager, published 2025-11-13 with initial revision 1. The advisory describes a chunked-encoding HTTP denial-of-service condition and lists remediation as Version 6.60.00 and later. The supplied corpus shows CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and no KEV, ransomware, or exploit-prevalence fields populated.
Official resources
- CVE-2024-22019 CVE record (CVE.org)
- CVE-2024-22019 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published advisory ICSA-25-317-09 on 2025-11-13 (initial revision 1). The supplied corpus does not indicate KEV listing, known ransomware use, or any verified exploitation in the wild.