Rockwell Automation Denial-of-service Vulnerability in ICE1 Controller
CVE-2024-21916

8.6HIGH

Key Information:

Vendor: Rockwell Automation
Status: Controllogix® 5570; Guardlogix® 5570; Controllogix® 5570 Redundant
Vendor: CVE Published:; 31 January 2024

🔔 Create Rockwell Automation Vulnerability Alert

What is CVE-2024-21916?

A denial-of-service vulnerability has been identified in certain Rockwell Automation ControlLogix and GuardLogix controllers. This vulnerability can lead to a major nonrecoverable fault (MNRF) when exploited, causing the affected device to self-restart in an attempt to recover from the fault. Organizations utilizing these controllers should assess their systems and implement necessary measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

ControlLogix® 5570 20.011

ControlLogix® 5570 redundant 20.054_kit1

GuardLogix® 5570 20.011

References

https://www.rockwellautomation.com/en-us/support/advisory...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 31, 2024
Vulnerability Reserved
Jan 3, 2024

CVE-2024-21916 Data

JSON