CVE-2024-6089 Rockwell Automation CVE debrief

Who should care

Organizations operating Rockwell Automation 5015 - AENFTXT devices in industrial environments, particularly those relying on PTP for time synchronization. Critical infrastructure operators, manufacturing facilities, and OT security teams should prioritize patching due to the unauthenticated remote exploitability and physical recovery requirement.

Technical summary

The vulnerability exists in the PTP packet processing implementation of the affected firmware. Insufficient input validation allows a malformed PTP packet to trigger a major nonrecoverable fault (MNRF) in the secondary adapter. This is a network-accessible, unauthenticated denial-of-service vulnerability with no confidentiality or integrity impact but complete availability impact on the affected device. Recovery requires physical intervention to power cycle the device.

Defensive priority

HIGH

Recommended defensive actions

• Update affected devices to firmware revision v2.012 or later
• Implement network segmentation to restrict PTP traffic to trusted sources
• Monitor for unexpected device faults or power cycle events
• Apply Rockwell Automation security best practices for industrial control systems
• Use CISA Stakeholder-Specific Vulnerability Categorization (SSVC) for environment-specific prioritization

Evidence notes

CVE published and advisory released 2024-08-22 per CISA CSAF source. Affected product confirmed as Rockwell Automation 5015 - AENFTXT firmware version 2.011. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H = 7.5. Remediation requires firmware update to v2.012.

Official resources