PatchSiren

CVE-2024-6077 Rockwell Automation CVE debrief

A denial-of-service vulnerability exists in Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380 controllers when specially crafted packets are sent to the CIP security object. Successful exploitation renders the device unavailable and requires a factory reset to recover. The vulnerability was disclosed on September 12, 2024, with a CVSS 3.1 score of 7.5 (HIGH). Rockwell Automation has released corrected firmware versions for all affected products.

Vendor: Rockwell Automation
Product: CompactLogix 5380
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-09-12
Original CVE updated: 2024-09-12
Advisory published: 2024-09-12
Advisory updated: 2024-09-12

Who should care

Industrial control system operators, OT security teams, manufacturing engineers, and asset owners using Rockwell Automation ControlLogix, GuardLogix, or CompactLogix controllers with CIP Security enabled. Organizations in critical infrastructure sectors including manufacturing, energy, water, and chemical processing should prioritize assessment due to the high availability impact and recovery complexity.

Technical summary

CVE-2024-6077 is a network-accessible denial-of-service vulnerability in Rockwell Automation industrial controllers. The flaw exists in the CIP security object implementation across multiple controller families. An unauthenticated attacker can send specially crafted packets to trigger the vulnerability, causing immediate device unavailability. Recovery requires physical intervention and factory reset, resulting in significant operational downtime for affected industrial control systems. The vulnerability affects nine product variants including CompactLogix 5380/5480, ControlLogix 5580, GuardLogix 5580, and 1756-EN4 communication modules. Rockwell Automation has released corrected firmware versions (v33.017 and later series) to address the issue.

Defensive priority

high

Recommended defensive actions

  • Upgrade affected CompactLogix 5380 controllers to firmware v33.017, v34.014, v35.013, v36.011 or later
  • Upgrade affected CompactLogix 5380 Process controllers to firmware v33.017, v34.014, v35.013, v36.011 or later
  • Upgrade affected Compact GuardLogix 5380 SIL 2 controllers to firmware v33.017, v34.014, v35.013, v36.011 or later
  • Upgrade affected Compact GuardLogix 5380 SIL 3 controllers to firmware v33.017, v34.014, v35.013, v36.011 or later
  • Upgrade affected CompactLogix 5480 controllers to firmware v33.017, v34.014, v35.013, v36.011 or later
  • Upgrade affected ControlLogix 5580 controllers to firmware v33.017, v34.014, v35.013, v36.011 or later
  • Upgrade affected ControlLogix 5580 Process controllers to firmware v33.017, v34.014, v35.013, v36.011 or later
  • Upgrade affected GuardLogix 5580 controllers to firmware v33.017, v34.014, v35.013, v36.011 or later
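
To triage an asset inventory against the corrected firmware listed above, the following added example (not code from PatchSiren or Rockwell Automation) compares each controller's reported firmware with the fixed release for its major train. The inventory rows are constructed sample data, and the handling of trains outside v33 to v36 is an assumption noted in the comments.

```python
import re

# Corrected firmware per major release train, taken from the list above:
# v33.017, v34.014, v35.013, v36.011  ->  {major: minimum fixed minor}
FIXED = {33: 17, 34: 14, 35: 13, 36: 11}

def parse_fw(text):
    """Parse 'v35.011', 'V36.11' or '33.017' into (major, minor) integers."""
    m = re.fullmatch(r"\s*[vV]?(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def assess(fw):
    """Classify one firmware string against the corrected releases."""
    try:
        major, minor = parse_fw(fw)
    except ValueError:
        return "UNPARSEABLE"          # needs a manual look at the device
    if major in FIXED:
        return "FIXED" if minor >= FIXED[major] else "UPGRADE"
    if major > max(FIXED):
        return "FIXED"                # assumption: "or later" covers newer trains
    # Assumption: the page lists no corrected release for older trains,
    # so flag them for review against the vendor advisory instead of guessing.
    return "REVIEW"

# Constructed sample inventory: (asset name, product family, reported firmware)
INVENTORY = [
    ("line1-plc", "CompactLogix 5380", "v33.016"),
    ("line2-plc", "ControlLogix 5580", "v34.014"),
    ("safety-a", "GuardLogix 5580", "35.11"),
    ("pack-3", "CompactLogix 5480", "V36.012"),
    ("legacy-7", "ControlLogix 5580", "v32.013"),
    ("spare-1", "Compact GuardLogix 5380 SIL 2", "unknown"),
]

def report(inventory):
    """Return (asset, product, firmware, status) for every inventory row."""
    return [(name, product, fw, assess(fw)) for name, product, fw in inventory]

if __name__ == "__main__":
    for name, product, fw, status in report(INVENTORY):
        print(f"{status:<12} {name:<10} {product:<30} {fw}")
```

Rows marked UPGRADE are below the corrected release for their train; REVIEW and UNPARSEABLE rows need checking against the vendor advisory by hand.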

Evidence notes

CISA ICS Advisory ICSA-24-256-18 documents this vulnerability in Rockwell Automation controllers. The advisory confirms nine affected product variants across CompactLogix 5380, CompactLogix 5480, ControlLogix 5580, GuardLogix 5580, and 1756-EN4 communication modules. The vulnerability is triggered via the CIP security object and results in complete device unavailability requiring factory reset.
