CVE-2024-2424 Rockwell Automation CVE debrief

Who should care

Industrial control system operators using Rockwell Automation 5015-AENFTXT adapters in manufacturing, critical infrastructure, and process control environments where device availability is essential for operations.

Technical summary

The vulnerability stems from insufficient input validation when processing PTP (Precision Time Protocol) packets. A malformed PTP packet sent to the secondary adapter triggers a Major Non-Recoverable Fault (MNRF), causing complete device unavailability until manual restart. The attack requires no authentication and can be executed remotely over the network. Affected firmware versions are 2.011 and later versions prior to 2.012.

Defensive priority

HIGH

Recommended defensive actions

• Update affected 5015-AENFTXT devices to firmware version 2.012 or later per vendor guidance
• If immediate patching is not feasible, implement network segmentation to restrict PTP traffic to trusted sources only
• Apply CISA ICS-recommended security best practices for industrial control systems
• Monitor for unexpected device restarts or MNRF events that may indicate exploitation attempts
• Review Rockwell Automation security advisory for detection rules and additional mitigation options

Evidence notes

CISA CSAF source identifies affected versions as 5015-AENFTXT firmware >=v2.011 and <v2.012. Attack vector requires network access and malformed PTP (Precision Time Protocol) packets. CVSS 3.1 score of 7.5 reflects high availability impact with no confidentiality or integrity impact.

Official resources