CVE-2020-6998 : Security Advisory and Response

Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation vulnerability overview and mitigation steps.

Understanding CVE-2020-6998

This CVE involves an improper input validation issue in Rockwell Automation controllers, potentially leading to denial-of-service conditions.

What is CVE-2020-6998?

The vulnerability in CompactLogix 5370 and ControlLogix 5570 controllers allows attackers to trigger an infinite loop by sending crafted CIP packet requests, impacting communication.

The Impact of CVE-2020-6998

CVSS Base Score: 5.8 (Medium Severity)
Attack Vector: Network
Attack Complexity: Low
Availability Impact: Low
The flaw does not require user interaction and affects system availability.

Technical Details of CVE-2020-6998

Details on the vulnerability, affected systems, and exploitation methods.

Vulnerability Description

The flaw in the connection establishment algorithm of affected controllers can be exploited to cause denial-of-service conditions.

Affected Systems and Versions

Armor Compact GuardLogix 5370 controllers
Armor GuardLogix Safety Controllers
CompactLogix 5370 L1/L2/L3 controllers
Compact GuardLogix 5370 controllers
ControlLogix 5570 controllers
Versions 33 and prior

Exploitation Mechanism

Attackers can exploit the vulnerability by sending specially crafted CIP packet requests to the controllers, triggering an infinite loop.

Mitigation and Prevention

Steps to mitigate the CVE-2020-6998 vulnerability and enhance system security.

Immediate Steps to Take

Apply Rockwell Automation firmware v33.011 or later
Monitor network traffic for any suspicious activity
Implement network segmentation to limit the attack surface

Long-Term Security Practices

Regularly update firmware and security patches
Conduct security training for personnel to recognize and respond to potential threats

Patching and Updates

Rockwell Automation recommends applying firmware v33.011 or later to address the vulnerability