OTPulse
FeedAboutContact

Rockwell Automation 5015-U8IHFT

Plan Patch7.5ICS-CERT ICSA-24-256-21Sep 12, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

The Rockwell Automation 5015-U8IHFT module versions 1.012 and earlier contain an input validation vulnerability (CWE-20) that allows an attacker to cause a denial-of-service condition. The vulnerability is exploitable remotely without authentication or special conditions. An attacker can send a malicious input that causes the device to become unresponsive or crash, disrupting control system operations that depend on this module.

What this means
What could happen
An attacker could cause the 5015-U8IHFT device to become unavailable, disrupting operations that depend on this equipment to function. This is a denial-of-service condition that could stop process automation or control capabilities.
Who's at risk
Organizations running Rockwell Automation 5015-U8IHFT devices (version 1.012 or earlier) in control systems, particularly those in water utilities, power distribution, manufacturing, and other critical infrastructure where this module is used for I/O handling or process control.
How it could be exploited
An attacker with network access to the device (no credentials required) can send a specially crafted input that violates input validation checks, triggering a denial-of-service condition that crashes or freezes the device.
Prerequisites
  • Network access to the 5015-U8IHFT device
  • No authentication required
  • Device running version 1.012 or earlier
remotely exploitableno authentication requiredlow complexitynetwork-based attack vectoravailability impact only
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
5015-U8IHFT: <=1.012≤ 1.0125015-U8IHFT V2.011
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict network access to the 5015-U8IHFT device; ensure it is not reachable from the internet or untrusted business networks
HARDENINGPlace the device behind a firewall and isolate it from the business network if possible
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate 5015-U8IHFT devices from version 1.012 or earlier to version 2.011
Long-term hardening
0/1
HARDENINGIf remote access is required, use a VPN with the most current version available and ensure the VPN endpoint devices are patched
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/0f23d2e4-8079-4473-a3d3-636297e49eec
Rockwell Automation 5015-U8IHFT | CVSS 7.5 - OTPulse