› PLCGurus.NET Live & Interactive Forum › Announcements › Rockwell Security Vulnerability Impacting CompactLogix
- This topic has 0 replies, 1 voice, and was last updated 4 years, 11 months ago by PLCGuru.
- June 27, 2018 at 7:49 pm #2821PLCGuruKeymaster
In an advisory published last week, Rockwell Automation informed customers that the flaw impacts Allen-Bradley CompactLogix 5370 and Compact GuardLogix 5370 programmable automation controllers, which are used to control processes in the critical infrastructure, water systems, entertainment, automotive, food and beverage, and other sectors.
The vulnerability is tracked by Rockwell as CVE-2017-9312 and it has been classified as “high severity” with a CVSS score of 8.6. CompactLogix 5370 L1, L2 and L3, and Armor CompactLogix 5370 L3 small controllers, and Compact GuardLogix 5370 and Armor Compact GuardLogix 5370 L3 safety controllers running firmware version 30.012 and prior are affected. The security hole has been patched with the release of version 31.011.
A remote attacker can exploit the vulnerability to cause affected devices to enter Major Non-Recoverable Fault (MNRF) mode, which results in a DoS condition that requires the user to re-download the application program in order to restore the system.
To view the full article in detail visit PLCGurus.NET’s Flipboard Magazine today and be sure to follow us!
- You must be logged in to reply to this topic.