PatchSiren cyber security CVE debrief
CVE-2024-7515 Rockwell Automation CVE debrief
A denial-of-service vulnerability in Rockwell Automation industrial controllers allows unauthenticated remote attackers to trigger a major nonrecoverable fault by sending a malformed Precision Time Protocol (PTP) management packet. The vulnerability affects five product lines across the ControlLogix, GuardLogix, CompactLogix, and Compact GuardLogix families. Successful exploitation causes complete controller failure requiring manual intervention to restore operations. The CVSS 3.1 score of 8.6 reflects high availability impact with network attack vector, low attack complexity, and no required privileges or user interaction. The vulnerability was disclosed on August 13, 2024 via CISA ICS advisory ICSA-24-226-10.
- Vendor: Rockwell Automation
- Product: CompactLogix 5380 (5069-L3z)
- CVSS: HIGH 8.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-08-13
- Original CVE updated: 2024-08-13
- Advisory published: 2024-08-13
- Advisory updated: 2024-08-13
Who should care
Organizations operating Rockwell Automation ControlLogix 5580, GuardLogix 5580, CompactLogix 5380/5480, or Compact GuardLogix 5380 controllers in manufacturing, critical infrastructure, or industrial automation environments. OT security teams, plant engineers, and asset owners relying on these controllers for process control should prioritize firmware updates and network access restrictions.
Technical summary
The vulnerability exists in the PTP (Precision Time Protocol) management packet handling of affected Rockwell Automation controllers. A malformed PTP management packet sent to the controller causes a major nonrecoverable fault (MNRF), resulting in complete operational failure. The attack requires network access to the controller but no authentication. Affected products include CompactLogix 5380 (5069-L3z), CompactLogix 5480 (5069-L4), ControlLogix 5580 (1756-L8z), GuardLogix 5580 (1756-L8z), and Compact GuardLogix 5380 (5069-L3zS2) running firmware versions prior to v36.011, v35.013, or v34.014 depending on the major release branch. The vulnerability is particularly concerning in industrial environments where controller availability is critical and PTP is used for time synchronization across control systems.
Defensive priority
HIGH
Recommended defensive actions
- Update affected controllers to firmware version v36.011, v35.013, v34.014 or later as specified for each product line
- Restrict network communication to CIP object 103 (0x67) to limit attack surface
- Implement network segmentation to isolate industrial control systems from untrusted networks
- Apply Rockwell Automation security best practices for industrial automation control systems
- Monitor for unexpected controller faults or PTP management traffic on affected networks
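One way to act on the monitoring recommendation above, as an added example that is not part of the advisory or any Rockwell Automation tooling: a Python check that flags PTP management messages (messageType 0xD, UDP port 320) sent by hosts outside an approved list, or whose header length field disagrees with the datagram size. The function names, IP addresses and sample datagrams are constructed; PTP over UDP is assumed; and the length checks are generic sanity checks, not the specific malformation behind this CVE, which the advisory does not describe.

```python
import struct

PTP_GENERAL_PORT = 320   # UDP port for PTP general messages (management included)
MSG_MANAGEMENT = 0x0D    # messageType nibble for Management messages
MGMT_MIN_LEN = 48        # 34-byte common header + 14 bytes of fixed management fields
ACTIONS = {0: "GET", 1: "SET", 2: "RESPONSE", 3: "COMMAND", 4: "ACKNOWLEDGE"}

def inspect_ptp(src_ip, dst_port, payload, approved_sources=frozenset()):
    """Return an alert dict for a suspicious PTP management datagram, else None."""
    if dst_port != PTP_GENERAL_PORT or not payload:
        return None
    if payload[0] & 0x0F != MSG_MANAGEMENT:
        return None                      # Announce, Follow_Up, etc. are not of interest
    reasons, action = [], None
    if src_ip not in approved_sources:
        reasons.append("management message from unapproved source")
    if len(payload) < MGMT_MIN_LEN:
        reasons.append("shorter than fixed management fields")
    else:
        declared = struct.unpack_from("!H", payload, 2)[0]   # messageLength field
        if declared != len(payload):
            reasons.append(f"messageLength {declared} != datagram length {len(payload)}")
        action = ACTIONS.get(payload[46] & 0x0F, "UNKNOWN")  # actionField nibble
    if not reasons:
        return None
    return {"src": src_ip, "action": action, "reasons": reasons}

def sample_datagram(msg_type=MSG_MANAGEMENT, action=0, total=MGMT_MIN_LEN, declared=None):
    """Build a constructed PTPv2 datagram used only to exercise the detector."""
    buf = bytearray(total)
    buf[0] = msg_type                    # transportSpecific = 0 | messageType
    buf[1] = 2                           # versionPTP = 2
    struct.pack_into("!H", buf, 2, total if declared is None else declared)
    if total > 46:
        buf[46] = action
    return bytes(buf)

def scan(capture, approved):
    return [a for a in (inspect_ptp(s, p, d, approved) for s, p, d in capture) if a]

APPROVED = frozenset({"10.10.5.2"})      # constructed: the site's time-sync management host
CAPTURE = [                              # constructed (source IP, UDP dst port, payload) tuples
    ("10.10.5.2", 320, sample_datagram()),                # approved, well formed: no alert
    ("10.10.9.77", 320, sample_datagram(action=1)),       # unapproved host sending SET
    ("10.10.5.2", 320, sample_datagram(declared=400)),    # length field disagrees
    ("10.10.9.77", 320, sample_datagram(msg_type=0x0B)),  # Announce: ignored
]
if __name__ == "__main__":
    print(*scan(CAPTURE, APPROVED), sep="\n")
```

In production the tuples would come from a span port or packet broker feeding the controller VLAN, with the approved list holding only the hosts that legitimately manage time synchronization.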
Evidence notes
Vulnerability description and affected products confirmed via CISA CSAF advisory ICSA-24-226-10. CVSS vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H sourced from advisory references. Remediation guidance including specific firmware versions and CIP object restriction sourced from CSAF remediations section.
Official resources
- CVE-2024-7515 CVE record (CVE.org)
- CVE-2024-7515 NVD detail (NVD)
- Source item URL (cisa_csaf)