The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.
References
Link | Resource |
---|---|
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398 | Permissions Required Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
04 Aug 2022, 02:39
Type | Values Removed | Values Added |
---|---|---|
First Time |
Rockwellautomation compactlogix 5370 L3
Rockwellautomation compactlogix 5370 L3 Firmware Rockwellautomation Rockwellautomation compact Guardlogix 5370 Firmware Rockwellautomation compactlogix 5370 L2 Firmware Rockwellautomation controllogix 5570 Rockwellautomation guardlogix 5580 Firmware Rockwellautomation guardlogix 5570 Rockwellautomation compactlogix 5370 L2 Rockwellautomation guardlogix 5560 Rockwellautomation guardlogix 5570 Firmware Rockwellautomation compactlogix 5370 L1 Rockwellautomation armor Compact Guardlogix 5370 Rockwellautomation armor Compact Guardlogix 5370 Firmware Rockwellautomation compact Guardlogix 5370 Rockwellautomation compactlogix 5370 L1 Firmware Rockwellautomation guardlogix 5560 Firmware Rockwellautomation controllogix 5570 Firmware Rockwellautomation guardlogix 5580 |
|
References | (CONFIRM) https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398 - Permissions Required, Vendor Advisory | |
References | (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02 - Third Party Advisory, US Government Resource | |
CWE | CWE-20 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
CPE | cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:guardlogix_5560:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:guardlogix_5560_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:armor_compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:armor_compact_guardlogix_5370:-:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:* |
27 Jul 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-27 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2020-6998
Mitre link : CVE-2020-6998
CVE.ORG link : CVE-2020-6998
JSON object : View
Products Affected
rockwellautomation
- guardlogix_5570_firmware
- guardlogix_5570
- compactlogix_5370_l2
- compact_guardlogix_5370_firmware
- compactlogix_5370_l1_firmware
- compactlogix_5370_l1
- armor_compact_guardlogix_5370_firmware
- controllogix_5570_firmware
- controllogix_5570
- compactlogix_5370_l3
- guardlogix_5580_firmware
- compactlogix_5370_l3_firmware
- guardlogix_5560
- guardlogix_5580
- guardlogix_5560_firmware
- compact_guardlogix_5370
- compactlogix_5370_l2_firmware
- armor_compact_guardlogix_5370
CWE
CWE-20
Improper Input Validation