Rockwell Automation 5015 - AENFTXT
Plan Patch7.5ICS-CERT ICSA-24-235-02Aug 22, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
The 5015 - AENFTXT contains an input validation flaw (CWE-20) that allows an unauthenticated attacker with network access to cause a denial-of-service condition by sending malformed input. The vulnerability affects firmware version 2.011. Rockwell Automation has released corrected firmware version 2.012 to address the issue.
What this means
What could happen
An attacker could send specially crafted network packets to the 5015 - AENFTXT device, causing it to become unresponsive and stop accepting legitimate control commands, interrupting operations until the device is manually restarted.
Who's at risk
Water utilities and municipal electric utilities operating Rockwell Automation 5015 - AENFTXT devices in their control systems. This affects remote terminal units (RTUs), programmable logic controllers (PLCs), or other automation devices that depend on this component for network communication.
How it could be exploited
An attacker with network access to the device sends malformed input that violates expected data validation rules, triggering a denial-of-service condition. The attack requires no authentication and exploits a network-accessible interface.
Prerequisites
- Network access to the 5015 - AENFTXT device on the default service port
- No credentials required
remotely exploitableno authentication requiredlow complexityaffects availability of control system
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
5015 - AENFTXT: 2.0112.0112.012
Remediation & Mitigation
0/3
Do now
0/1WORKAROUNDRestrict network access to the 5015 - AENFTXT device using firewall rules; allow only trusted engineering workstations and control systems to communicate with the device
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate 5015 - AENFTXT firmware to version 2.012 or later
Long-term hardening
0/1HARDENINGIsolate the control system network from the business network using air-gapping or network segmentation to prevent internet-exposed access
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/12bfb0e8-9c9b-4157-8f22-27eafe9a5594