A vulnerability that could allow remote attackers to cause a denial of service condition has been closed in Rockwell Automation’s Allen-Bradley CompactLogix and Compact GuardLogix controllers. If a device affected by the vulnerability receives a specially crafted TCP packet, this causes a Major Non-Recoverable Fault (MNRF). This is considered a safe condition, but recovery requires the software to be reinstalled.
The vulnerability – CVE-2017-9312 – affects all versions up to 30.012 (inclusive) of the following controllers:
- Allen-Bradley CompactLogix 5370 L1;
- Allen-Bradley CompactLogix 5370 L2;
- Allen-Bradley CompactLogix 5370 L3;
- Allen-Bradley Armor CompactLogix 5370 L3;
- Allen-Bradley Compact GuardLogix 5370;
- Allen-Bradley Armor Compact GuardLogix 5370.
A CVSS v.3 base score of 8.6 has been calculated for the vulnerability.
The vendor has released a new firmware version, in which the vulnerability is fixed.
It is recommended that users who cannot update their devices should block all traffic to Ethernet/IP or CIP protocol-based devices from outside the control network by blocking or restricting access to Port 2222/TCP and UDP and Port 44818/TCP and UDP using firewalls, UTM devices, or other security appliances.