Rockwell Automation 5015-AENFTXT (Update A)

Plan Patch7.5ICS-CERT ICSA-24-102-09Apr 11, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Rockwell Automation 5015-AENFTXT module contains an input validation flaw (CWE-20) that allows an attacker to send a specially crafted network request to crash the device, causing denial of service.

What this means

What could happen

An attacker could crash the 5015-AENFTXT module, disrupting communication or control functions that depend on it and potentially halting affected processes until the device is manually restarted.

Who's at risk

Operators of Rockwell Automation 5015-AENFTXT modules in manufacturing, water/wastewater treatment, power generation, or any facility using CompactLogix or similar platforms for process control should prioritize this advisory. The module is commonly used in distributed I/O and communication applications where availability is critical to operations.

How it could be exploited

An attacker with network access to the device can send a malformed input or network packet that triggers the validation flaw, causing the module to crash. No authentication or special configuration is required.

Prerequisites

Network access to the 5015-AENFTXT device on its listening port
No credentials or prior system access required

remotely exploitableno authentication requiredlow complexity attackhigh availability impact

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

5015-AENFTXT: >=v2.011|<v2.012≥ v2.011|<v2.012v2.012

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict network access to the 5015-AENFTXT device by placing it behind a firewall and blocking inbound connections from untrusted networks

HARDENINGIsolate the control system network from the business network to prevent direct internet or business LAN access to the device

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate 5015-AENFTXT firmware to v2.012 or later

Long-term hardening

0/1

HARDENINGIf remote access is needed, use a VPN to tunnel connections rather than exposing the device directly to the network

CVEs (1)

CVE-2024-2424

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/2f6f36bb-d3ca-430c-900d-0f4d9290745f