CVE-2024-7567 Rockwell Automation CVE debrief

Who should care

Organizations operating Rockwell Automation Micro850 or Micro870 PLCs in industrial environments, particularly those with exposed or network-accessible CIP/Modbus ports. Critical infrastructure operators, manufacturing facilities, and OT security teams should prioritize firmware updates to maintain operational continuity.

Technical summary

The vulnerability exists in the CIP/Modbus port implementation of Rockwell Automation Micro850/870 PLCs (2080-L50E/2080-L70E). An attacker can trigger a denial-of-service condition that temporarily disrupts CIP/Modbus communications. The attack vector is network-based with low attack complexity and no required privileges or user interaction. The vulnerability has a CVSS 3.1 score of 5.3 (Medium) with AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. Remediation is available through firmware update to version v22.011.

Defensive priority

medium

Recommended defensive actions

• Update affected Micro850/870 PLC firmware to version v22.011 or later
• Apply Rockwell Automation security best practices for industrial control systems
• Implement network segmentation to limit exposure of CIP/Modbus ports
• Monitor CIP/Modbus communications for unexpected disruptions
• Review and implement CISA ICS recommended practices for defense-in-depth

Evidence notes

The vulnerability affects Rockwell Automation PLC - Micro850/870 (2080-L50E/2080-L70E) with firmware versions prior to v22.011. The issue is a network-accessible denial-of-service condition affecting industrial control system communications. CISA published advisory ICSA-24-226-07 on August 13, 2024, coordinating disclosure.

Official resources