PatchSiren cyber security CVE debrief
CVE-2024-7507 Rockwell Automation CVE debrief
A denial-of-service vulnerability exists in Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, and Compact GuardLogix 5380 controllers. The vulnerability occurs when a malformed Programmable Controller Communication Commands (PCCC) message is received, causing a fault in the controller. This vulnerability was published on August 13, 2024, and carries a CVSS 3.1 score of 7.5 (HIGH severity). The affected products include CompactLogix 5380 (5069-L3z), CompactLogix 5480 (5069-L4), ControlLogix 5580 (1756-L8z), GuardLogix 5580 (1756-L8z), and Compact GuardLogix 5380 (5069-L3zS2) running firmware versions prior to v36.011, v35.013, or v34.014. The vulnerability requires no authentication and can be exploited remotely over the network with low attack complexity, resulting in high availability impact.
- Vendor: Rockwell Automation
- Product: CompactLogix 5380 (5069-L3z)
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-08-13
- Original CVE updated: 2024-08-13
- Advisory published: 2024-08-13
- Advisory updated: 2024-08-13
Who should care
Organizations operating Rockwell Automation ControlLogix 5580, GuardLogix 5580, CompactLogix 5380/5480, or Compact GuardLogix 5380 controllers in industrial environments. Critical infrastructure operators, manufacturing facilities, and OT security teams should prioritize assessment and patching.
Technical summary
The vulnerability stems from improper input validation when processing PCCC messages in affected Rockwell Automation controllers. PCCC is a legacy protocol used for communication with Allen-Bradley programmable logic controllers. A malformed message can trigger a controller fault, resulting in denial of service. The attack vector is network-based with no authentication required, making exposed controllers particularly vulnerable. Firmware updates address the input validation deficiency.
Defensive priority
HIGH
Recommended defensive actions
- Apply firmware updates to v36.011, v35.013, or v34.014 as appropriate for your product series
- Restrict communication to CIP object 103 (0x67) to limit exposure
- Implement network segmentation for industrial control systems per CISA ICS recommended practices
- Monitor controller fault logs for unexpected PCCC message handling errors
- Review Rockwell Automation security best practices guidance for industrial automation control systems
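A defender-side illustration of the two traffic-focused actions above (restricting and watching requests to CIP class 103 / 0x67), added here as an example and not part of the advisory or any Rockwell tooling. It assumes unconnected CIP Message Router requests laid out as service byte, request-path size in 16-bit words, then the EPATH; the sample requests, host addresses and allowlist are constructed, and the service code 0x4B is the Execute PCCC service.

```python
# Flag CIP requests that address the PCCC class object (class 103 / 0x67) when they
# come from hosts outside an engineering-workstation allowlist.  Added example;
# the request bytes and addresses below are constructed, not captured traffic.

PCCC_CLASS = 0x67  # CIP object 103, the class the advisory says to restrict


def parse_request_path_class(cip: bytes):
    """Return the class id addressed by a CIP request's EPATH, or None if unparseable.

    Layout assumed: cip[0] = service, cip[1] = path size in words, then the EPATH.
    Only logical segments are walked; port/symbolic segments end the scan.
    """
    if len(cip) < 2:
        return None
    path = cip[2:2 + cip[1] * 2]
    if len(path) != cip[1] * 2:          # truncated path: refuse to guess
        return None
    i = 0
    while i < len(path):
        seg = path[i]
        if seg & 0xE0 != 0x20:           # not a logical segment (e.g. 0x91 symbolic)
            return None
        fmt = seg & 0x03                 # 0 = 8-bit, 1 = 16-bit (pad byte + LE16)
        if seg & 0x1C == 0x00:           # logical type 000 = class
            if fmt == 0 and i + 1 < len(path):
                return path[i + 1]
            if fmt == 1 and i + 3 < len(path):
                return int.from_bytes(path[i + 2:i + 4], "little")
            return None
        i += 2 if fmt == 0 else 4        # skip instance/attribute/member segments
    return None


def flag_pccc_requests(events, allowlist):
    """events: iterable of (src_ip, cip_request_bytes).

    Returns [(src_ip, service_code)] for PCCC-class requests from non-allowlisted hosts.
    """
    alerts = []
    for src, cip in events:
        if parse_request_path_class(cip) == PCCC_CLASS and src not in allowlist:
            alerts.append((src, cip[0]))
    return alerts


ALLOWLIST = {"10.0.1.5"}                 # constructed: the one sanctioned engineering station
SAMPLE_EVENTS = [                        # constructed sample requests
    ("10.0.1.5", bytes([0x4B, 0x02, 0x20, 0x67, 0x24, 0x01])),              # PCCC, allowed host
    ("10.0.9.77", bytes([0x4B, 0x03, 0x21, 0x00, 0x67, 0x00, 0x24, 0x01])),  # PCCC via 16-bit class
    ("10.0.9.77", bytes([0x0E, 0x03, 0x20, 0x01, 0x24, 0x01, 0x30, 0x01])),  # Identity object read
]
```

Running `flag_pccc_requests(SAMPLE_EVENTS, ALLOWLIST)` reports only the 16-bit-class request from 10.0.9.77; the Identity-object read from the same host is not a PCCC request and stays quiet.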
Evidence notes
Vulnerability details sourced from CISA CSAF advisory ICSA-24-226-09. Affected product versions confirmed through CSAF product tree. CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates network-accessible, unauthenticated denial-of-service condition.
Official resources
- CVE-2024-7507 CVE record (CVE.org)
- CVE-2024-7507 NVD detail (NVD)
- Source item URL: cisa_csaf