OTPulse

Rockwell Automation GuardLogix and ControlLogix controllers

Plan Patch | CVSS 8.6 | ICS-CERT ICSA-22-354-02 | Dec 20, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Rockwell Automation GuardLogix and ControlLogix controllers (firmware versions 20-33) improperly validate input in network packets. An attacker with network access could send a specially crafted packet to degrade controller availability or cause a nonrecoverable fault. Affected models include CompactLogix 5370, Compact GuardLogix 5370, ControlLogix 5570, ControlLogix 5570 redundancy, and GuardLogix 5570.

What this means
What could happen
An attacker could degrade the availability of your PLC controller or cause a major nonrecoverable fault, resulting in loss of process control and potential operational shutdown.
Who's at risk
Water authorities and municipalities using Rockwell Automation GuardLogix, ControlLogix, CompactLogix, or Compact GuardLogix controllers in versions 20-33 should prioritize assessment. This affects any facility with these controllers that manages water treatment, distribution, wastewater handling, or power distribution operations.
How it could be exploited
An attacker with network access to the controller could send a specially crafted packet that exploits improper input validation, degrading controller availability or triggering a critical fault.
Prerequisites
  • Network access to the controller's Ethernet port
  • Ability to reach the controller on its configured network
remotely exploitable · no authentication required · low complexity · high availability impact · affects safety-critical PLCs
Exploitability
Moderate exploit probability (EPSS 1.5%)
Affected products (5)
4 with fix, 1 pending
Product | Affected Versions | Fix Status
GuardLogix, ControlLogix, CompactLogix, and Compact GuardLogix controllers: CompactLogix 5370 | 20-33 | 33.013, 34.011, or later
GuardLogix, ControlLogix, CompactLogix, and Compact GuardLogix controllers: Compact GuardLogix 5370 | 28-33 | 33.013, 34.011, or later
GuardLogix, ControlLogix, CompactLogix, and Compact GuardLogix controllers: ControlLogix 5570 | 20-33 | 33.013, 34.011, or later
GuardLogix, ControlLogix, CompactLogix, and Compact GuardLogix controllers: GuardLogix 5570 | 20-33 | 33.013, 34.011, or later
GuardLogix, ControlLogix, CompactLogix, and Compact GuardLogix controllers: ControlLogix 5570 redundancy | 20-33 | No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Isolate controller networks from the business network using firewalls
  • HARDENING: Ensure controllers are not accessible from the Internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade CompactLogix 5370 firmware to version 33.013, 34.011, or later
  • HOTFIX: Upgrade Compact GuardLogix 5370 firmware to version 33.013, 34.011, or later
  • HOTFIX: Upgrade ControlLogix 5570 firmware to version 33.013, 34.011, or later
  • HOTFIX: Upgrade ControlLogix 5570 redundancy firmware to version 33.052, 34.051, or later
  • HOTFIX: Upgrade GuardLogix 5570 firmware to version 33.013, 34.011, or later
Long-term hardening
  • HARDENING: Use secure remote access methods such as VPNs when remote access is required
Rockwell Automation GuardLogix and ControlLogix controllers | CVSS 8.6 - OTPulse