CVE-2024-45825 Rockwell Automation CVE debrief

Who should care

Organizations operating Rockwell Automation 5015-U8IHFT devices in industrial environments, particularly those with network-exposed CIP endpoints. Critical infrastructure operators, manufacturing facilities, and OT security teams should prioritize patching due to the unauthenticated, remotely exploitable nature of this denial-of-service vulnerability.

Technical summary

The vulnerability exists in the CIP protocol implementation of Rockwell Automation 5015-U8IHFT devices. A malformed CIP packet sent over the network triggers a major nonrecoverable fault, causing complete device failure and denial-of-service. The attack requires no authentication or user interaction and can be executed remotely over the network. The CVSS 3.1 score of 7.5 reflects high availability impact with network accessibility and low attack complexity. Firmware version 2.011 contains the vendor fix for this vulnerability.

Defensive priority

HIGH

Recommended defensive actions

• Update affected Rockwell Automation 5015-U8IHFT devices to firmware version 2.011 or later.
• If immediate patching is not feasible, implement network segmentation to restrict CIP traffic to authorized sources only.
• Apply CISA ICS recommended security best practices for industrial control systems.
• Monitor network traffic for anomalous CIP packets directed at affected devices.
• Review Rockwell Automation security advisory for additional vendor-specific guidance.

Evidence notes

Vulnerability details sourced from CISA ICS Advisory ICSA-24-256-21. Affected product confirmed as Rockwell Automation 5015-U8IHFT firmware version 1.012 and prior. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H confirms network-accessible, unauthenticated denial-of-service condition. Remediation path confirmed through vendor fix to version 2.011.

Official resources