Rockwell Automation 5015-U8IHFT

Plan PatchCVSS 7.5ICS-CERT ICSA-24-256-21Sep 12, 2024

Rockwell Automation

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The 5015-U8IHFT Ethernet communication module in Rockwell Automation control systems is vulnerable to a denial-of-service condition via a specially crafted network message. Successful exploitation causes the module to become unresponsive, disrupting I/O communication in the affected control system. The vulnerability affects firmware version 1.012 and prior.

What this means

What could happen

An attacker could trigger a denial-of-service condition on the 5015-U8IHFT module, causing it to become unresponsive and interrupting I/O operations in the Rockwell Automation control system until the device is restarted.

Who's at risk

Water authorities and utilities using Rockwell Automation CompactLogix or MicroLogix systems with the 5015-U8IHFT Ethernet communication module (versions 1.012 and earlier) for remote or networked I/O operations are affected.

How it could be exploited

An attacker with network access to the 5015-U8IHFT device could send a specially crafted message or network packet that triggers a fault condition in the firmware, causing the module to stop responding to I/O requests.

Prerequisites

Network access to the 5015-U8IHFT device (Ethernet or similar network connectivity)
No authentication required
Device running firmware version 1.012 or earlier

remotely exploitableno authentication requiredlow complexity attackaffects control system availability

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (1)

ProductAffected VersionsFix Status

5015-U8IHFT: <=1.012≤ 1.0125015-U8IHFT V2.011

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to the 5015-U8IHFT device using firewall rules to allow only authorized engineering and control system traffic

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate 5015-U8IHFT firmware from V1.012 or earlier to V2.011 or later

Long-term hardening

0/1

HARDENINGLocate the 5015-U8IHFT and the control system network behind firewall(s) and isolate from business network

CVEs (1)

CVE-2024-45825

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0f23d2e4-8079-4473-a3d3-636297e49eec

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.