27 June 2018

DoS vulnerability in Allen-Bradley CompactLogix and Compact GuardLogix controllers

A vulnerability that could allow remote attackers to cause a denial of service condition has been closed in Rockwell Automation’s Allen-Bradley CompactLogix and Compact GuardLogix controllers. If an affected device receives a specially crafted TCP packet, it enters a Major Non-Recoverable Fault (MNRF). This is considered a safe condition, but recovery requires the software to be reinstalled.

The vulnerability – CVE-2017-9312 – affects all versions up to 30.012 (inclusive) of the following controllers:

  • Allen-Bradley CompactLogix 5370 L1;
  • Allen-Bradley CompactLogix 5370 L2;
  • Allen-Bradley CompactLogix 5370 L3;
  • Allen-Bradley Armor CompactLogix 5370 L3;
  • Allen-Bradley Compact GuardLogix 5370;
  • Allen-Bradley Armor Compact GuardLogix 5370.

A CVSS v3 base score of 8.6 has been calculated for the vulnerability.

The vendor has released a new firmware version, in which the vulnerability is fixed.

Users who cannot update their devices are advised to block all traffic to EtherNet/IP or CIP protocol-based devices from outside the control network by blocking or restricting access to Port 2222/TCP and UDP and Port 44818/TCP and UDP using firewalls, UTM devices, or other security appliances.
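The check below is an added example, not part of the original advisory or vendor guidance: it audits a firewall flow log for permitted traffic that reaches ports 2222 and 44818 from outside the control network, and lists flows to controllers on firmware up to 30.012 first. The network range, controller inventory, log format and field names are constructed assumptions, and firmware versions are assumed to be "major.minor" strings.

```python
import csv
import io
import ipaddress

# Ports named in the advisory's mitigation (EtherNet/IP and CIP), TCP and UDP.
CIP_PORTS = {2222, 44818}
# Last affected firmware version per the advisory (inclusive).
LAST_AFFECTED = (30, 12)

# Constructed sample values: control network range, inventory, firewall flow log.
CONTROL_NET = ipaddress.ip_network("192.168.10.0/24")
INVENTORY = {"192.168.10.21": "30.012", "192.168.10.22": "31.011", "192.168.10.23": "28.013"}
FLOW_LOG = """src,dst,proto,dport,action
192.168.10.5,192.168.10.21,tcp,44818,ALLOW
10.20.30.40,192.168.10.21,tcp,44818,ALLOW
10.20.30.40,192.168.10.22,udp,2222,ALLOW
172.16.4.9,192.168.10.23,tcp,44818,DENY
172.16.4.9,192.168.10.23,udp,44818,ALLOW
10.20.30.40,192.168.10.21,tcp,443,ALLOW
"""

def is_affected(firmware):
    """True if firmware is at or below 30.012; unknown or unparseable counts as affected."""
    try:
        major, minor = (int(part) for part in firmware.split("."))
    except (AttributeError, ValueError):
        return True
    return (major, minor) <= LAST_AFFECTED

def exposed_flows(log_text, control_net=CONTROL_NET, inventory=INVENTORY):
    """Return permitted flows from outside control_net to CIP ports inside it."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        crosses_boundary = dst in control_net and src not in control_net
        if (crosses_boundary and row["action"] == "ALLOW"
                and row["proto"] in ("tcp", "udp") and int(row["dport"]) in CIP_PORTS):
            fw = inventory.get(row["dst"])
            findings.append((row["src"], row["dst"], row["proto"], int(row["dport"]), is_affected(fw)))
    # Flows reaching controllers on affected firmware sort first.
    return sorted(findings, key=lambda f: not f[4])

if __name__ == "__main__":
    for src, dst, proto, dport, affected in exposed_flows(FLOW_LOG):
        status = "affected firmware" if affected else "updated firmware"
        print(f"{src} -> {dst} {proto}/{dport} permitted across boundary ({status})")
```

Any row this returns is a firewall rule to tighten; rows marked as affected firmware are the ones where the mitigation matters until the update is installed.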

Source: ICS-CERT