Vulnerability identified in Rockwell Automation Safety PLC with exploitation resulting in DoS condition
An Applied Risk researcher has identified a vulnerability in the Rockwell Automation Allen-Bradley CompactLogix 5370 Controller 1769-L30ERMS, which could allow an unauthenticated remote threat-actor to reboot a device and switch it to the “Major Non-Recoverable Fault” mode, resulting in a Denial of Service (DoS) condition. This issue cannot be automatically resolved and requires manual operations to be undertaken by an engineer.
The Safety PLC from Rockwell is commonly used in various industrial sectors and industries, including oil & gas, chemical, manufacturing, water, power and more. The vulnerability is classified as serious and it has been given a CVSS (Common Vulnerability Scoring System) score of 7.5, which is classed as high.
Subscribe to PII and receive:
Our long-established bi-monthly digital magazine *Process Industry Informer*, featuring exclusive articles, news and updates across the Process Industries, plus commentary from our three industry experts:
Sean Moran
Gavin Smith
Dave Green
PLUS:
- Process Industry Update — our weekly e-newsletter
- PII Podcast
- Special messages from our advertising partners
Applied Risk has worked alongside the manufacturer in the responsible disclosure process, and the fix has been issued by the vendor. For end users, updating the product firmware to the latest version Rockwell has provided will fix this vulnerability.
