CVE-2020-6998

Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation

Severity Score

8.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.

El algoritmo de establecimiento de conexión encontrado en Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versiones 33 y anteriores, no administra suficientemente su flujo de control durante la ejecución, creando un bucle infinito. Esto puede permitir a un atacante enviar peticiones de paquetes CIP especialmente diseñados a un controlador, lo que puede causar condiciones de denegación de servicio en las comunicaciones con otros productos

*Credits: Yeop Chang reported this vulnerability to CISA.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-01-14 CVE Reserved
2022-07-27 CVE Published
2024-02-17 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (1)

URL	Tag	Source
https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rockwellautomation Search vendor "Rockwellautomation"	Armor Compact Guardlogix 5370 Firmware Search vendor "Rockwellautomation" for product "Armor Compact Guardlogix 5370 Firmware"	<= 33 Search vendor "Rockwellautomation" for product "Armor Compact Guardlogix 5370 Firmware" and version " <= 33"	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	Armor Compact Guardlogix 5370 Search vendor "Rockwellautomation" for product "Armor Compact Guardlogix 5370"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Compact Guardlogix 5370 Firmware Search vendor "Rockwellautomation" for product "Compact Guardlogix 5370 Firmware"	<= 33 Search vendor "Rockwellautomation" for product "Compact Guardlogix 5370 Firmware" and version " <= 33"	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	Compact Guardlogix 5370 Search vendor "Rockwellautomation" for product "Compact Guardlogix 5370"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Compactlogix 5370 L1 Firmware Search vendor "Rockwellautomation" for product "Compactlogix 5370 L1 Firmware"	<= 33 Search vendor "Rockwellautomation" for product "Compactlogix 5370 L1 Firmware" and version " <= 33"	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	Compactlogix 5370 L1 Search vendor "Rockwellautomation" for product "Compactlogix 5370 L1"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Compactlogix 5370 L2 Firmware Search vendor "Rockwellautomation" for product "Compactlogix 5370 L2 Firmware"	<= 33 Search vendor "Rockwellautomation" for product "Compactlogix 5370 L2 Firmware" and version " <= 33"	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	Compactlogix 5370 L2 Search vendor "Rockwellautomation" for product "Compactlogix 5370 L2"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Compactlogix 5370 L3 Firmware Search vendor "Rockwellautomation" for product "Compactlogix 5370 L3 Firmware"	<= 33 Search vendor "Rockwellautomation" for product "Compactlogix 5370 L3 Firmware" and version " <= 33"	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	Compactlogix 5370 L3 Search vendor "Rockwellautomation" for product "Compactlogix 5370 L3"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Controllogix 5570 Firmware Search vendor "Rockwellautomation" for product "Controllogix 5570 Firmware"	<= 33 Search vendor "Rockwellautomation" for product "Controllogix 5570 Firmware" and version " <= 33"	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	Controllogix 5570 Search vendor "Rockwellautomation" for product "Controllogix 5570"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Guardlogix 5560 Firmware Search vendor "Rockwellautomation" for product "Guardlogix 5560 Firmware"	<= 33 Search vendor "Rockwellautomation" for product "Guardlogix 5560 Firmware" and version " <= 33"	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	Guardlogix 5560 Search vendor "Rockwellautomation" for product "Guardlogix 5560"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Guardlogix 5570 Firmware Search vendor "Rockwellautomation" for product "Guardlogix 5570 Firmware"	<= 33 Search vendor "Rockwellautomation" for product "Guardlogix 5570 Firmware" and version " <= 33"	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	Guardlogix 5570 Search vendor "Rockwellautomation" for product "Guardlogix 5570"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	Guardlogix 5580 Firmware Search vendor "Rockwellautomation" for product "Guardlogix 5580 Firmware"	<= 33 Search vendor "Rockwellautomation" for product "Guardlogix 5580 Firmware" and version " <= 33"	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	Guardlogix 5580 Search vendor "Rockwellautomation" for product "Guardlogix 5580"	-	-	Safe