cvelistv5 - cve-2020-6998

CVE-2020-6998 (GCVE-0-2020-6998)

Vulnerability from cvelistv5 – Published: 2022-07-27 20:18 – Updated: 2025-04-17 15:51

Summary

The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE

CVE-22 Improper Input Validation

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/uscert/ics/advisories/icsa-2…	x_refsource_CONFIRM
	https://rockwellautomation.custhelp.com/app/answe…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Rockwell Automation

Armor Compact GuardLogix 5370 controllers

Affected: unspecified , ≤ versions 33 and prior (custom)

Rockwell Automation	Armor GuardLogix Safety Controllers	Affected: unspecified , ≤ versions 33 and prior (custom)
Rockwell Automation	CompactLogix 5370 L1 controllers	Affected: unspecified , ≤ versions 33 and prior (custom)
Rockwell Automation	CompactLogix 5370 L2 controllers	Affected: unspecified , ≤ versions 33 and prior (custom)
Rockwell Automation	CompactLogix 5370 L3 controllers	Affected: unspecified , ≤ versions 33 and prior (custom)
Rockwell Automation	Compact GuardLogix 5370 controllers	Affected: unspecified , ≤ versions 33 and prior (custom)
Rockwell Automation	ControlLogix 5570 controllers	Affected: unspecified , ≤ versions 33 and prior (custom)

Credits

Yeop Chang reported this vulnerability to CISA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:02.993Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-6998",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T14:34:30.818711Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T15:51:02.651Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Armor Compact GuardLogix 5370 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "versions 33 and prior",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Armor GuardLogix Safety Controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "versions 33 and prior",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CompactLogix 5370 L1 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "versions 33 and prior",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CompactLogix 5370 L2 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "versions 33 and prior",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "CompactLogix 5370 L3 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "versions 33 and prior",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Compact GuardLogix 5370 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "versions 33 and prior",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ControlLogix 5570 controllers",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "lessThanOrEqual": "versions 33 and prior",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Yeop Chang reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVE-22 Improper Input Validation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-27T20:18:00.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Rockwell Automation recommends affected users apply firmware v33.011 or later.\n\nFor more information see the Rockwell Automation advisory (login required)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-6998",
          "STATE": "PUBLIC",
          "TITLE": "Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Armor Compact GuardLogix 5370 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "versions 33 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Armor GuardLogix Safety Controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "versions 33 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CompactLogix 5370 L1 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "versions 33 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CompactLogix 5370 L2 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "versions 33 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "CompactLogix 5370 L3 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "versions 33 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Compact GuardLogix 5370 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "versions 33 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ControlLogix 5570 controllers",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "versions 33 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rockwell Automation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Yeop Chang reported this vulnerability to CISA."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVE-22 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02",
              "refsource": "CONFIRM",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02"
            },
            {
              "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398",
              "refsource": "CONFIRM",
              "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Rockwell Automation recommends affected users apply firmware v33.011 or later.\n\nFor more information see the Rockwell Automation advisory (login required)."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-6998",
    "datePublished": "2022-07-27T20:18:00.000Z",
    "dateReserved": "2020-01-14T00:00:00.000Z",
    "dateUpdated": "2025-04-17T15:51:02.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:armor_compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"33\", \"matchCriteriaId\": \"13D07CA5-B2C0-483D-A183-60BAD0F6BA65\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:armor_compact_guardlogix_5370:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03FAA30B-C345-4DD4-A686-50989ADF4CC5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"33\", \"matchCriteriaId\": \"797BDE9D-193A-4D9B-A38C-B199C99CE958\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F951670-AF4D-4429-8BC1-79BDEF83B2C3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"33\", \"matchCriteriaId\": \"02304C1E-786D-4281-8854-6B626F201A29\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"848B3145-24E4-445B-958A-4C3F84C4546C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"33\", \"matchCriteriaId\": \"786B2806-A81A-4160-804A-AE9B2C445D65\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65092726-5567-488C-9E32-DC42D34E111D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"33\", \"matchCriteriaId\": \"4274AF4D-445F-454D-8B08-B03B39A5AD5F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52C2F377-6F0D-4752-A4A3-C40604A8575D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"33\", \"matchCriteriaId\": \"235662B8-4F63-4D1F-9091-8271B85BDB17\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"482E2CD6-D484-486C-92F4-18432D107E30\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:guardlogix_5560_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"33\", \"matchCriteriaId\": \"BC99B037-69C1-4475-B65E-046CA020806A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:guardlogix_5560:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A42D9BC-9468-479A-873D-52175687FCBD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"33\", \"matchCriteriaId\": \"DA97F17B-E8B2-4FF6-A8D8-69D8F6B17F2F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"321AE938-192A-4342-8608-ADC81F0B6582\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"33\", \"matchCriteriaId\": \"A56F5CA1-02BF-4AC2-9963-F09E8390EC92\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"006B7683-9FDF-4748-BA28-2EA22613E092\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.\"}, {\"lang\": \"es\", \"value\": \"El algoritmo de establecimiento de conexi\\u00f3n encontrado en Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versiones 33 y anteriores, no administra suficientemente su flujo de control durante la ejecuci\\u00f3n, creando un bucle infinito. Esto puede permitir a un atacante enviar peticiones de paquetes CIP especialmente dise\\u00f1ados a un controlador, lo que puede causar condiciones de denegaci\\u00f3n de servicio en las comunicaciones con otros productos\"}]",
      "id": "CVE-2020-6998",
      "lastModified": "2024-11-21T05:36:27.750",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L\", \"baseScore\": 5.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.0}]}",
      "published": "2022-07-27T21:15:08.297",
      "references": "[{\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-6998\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-07-27T21:15:08.297\",\"lastModified\":\"2025-04-17T16:15:21.730\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.\"},{\"lang\":\"es\",\"value\":\"El algoritmo de establecimiento de conexi\u00f3n encontrado en Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versiones 33 y anteriores, no administra suficientemente su flujo de control durante la ejecuci\u00f3n, creando un bucle infinito. Esto puede permitir a un atacante enviar peticiones de paquetes CIP especialmente dise\u00f1ados a un controlador, lo que puede causar condiciones de denegaci\u00f3n de servicio en las comunicaciones con otros productos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:armor_compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"33\",\"matchCriteriaId\":\"13D07CA5-B2C0-483D-A183-60BAD0F6BA65\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:armor_compact_guardlogix_5370:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03FAA30B-C345-4DD4-A686-50989ADF4CC5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"33\",\"matchCriteriaId\":\"797BDE9D-193A-4D9B-A38C-B199C99CE958\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F951670-AF4D-4429-8BC1-79BDEF83B2C3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"33\",\"matchCriteriaId\":\"02304C1E-786D-4281-8854-6B626F201A29\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"848B3145-24E4-445B-958A-4C3F84C4546C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"33\",\"matchCriteriaId\":\"786B2806-A81A-4160-804A-AE9B2C445D65\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65092726-5567-488C-9E32-DC42D34E111D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"33\",\"matchCriteriaId\":\"4274AF4D-445F-454D-8B08-B03B39A5AD5F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52C2F377-6F0D-4752-A4A3-C40604A8575D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"33\",\"matchCriteriaId\":\"235662B8-4F63-4D1F-9091-8271B85BDB17\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"482E2CD6-D484-486C-92F4-18432D107E30\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:guardlogix_5560_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"33\",\"matchCriteriaId\":\"BC99B037-69C1-4475-B65E-046CA020806A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:guardlogix_5560:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A42D9BC-9468-479A-873D-52175687FCBD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"33\",\"matchCriteriaId\":\"DA97F17B-E8B2-4FF6-A8D8-69D8F6B17F2F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"321AE938-192A-4342-8608-ADC81F0B6582\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"33\",\"matchCriteriaId\":\"A56F5CA1-02BF-4AC2-9963-F09E8390EC92\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"006B7683-9FDF-4748-BA28-2EA22613E092\"}]}]}],\"references\":[{\"url\":\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T09:18:02.993Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-6998\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-17T14:34:30.818711Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-17T14:34:32.456Z\"}}], \"cna\": {\"title\": \"Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Yeop Chang reported this vulnerability to CISA.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Rockwell Automation\", \"product\": \"Armor Compact GuardLogix 5370 controllers\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"versions 33 and prior\"}]}, {\"vendor\": \"Rockwell Automation\", \"product\": \"Armor GuardLogix Safety Controllers\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"versions 33 and prior\"}]}, {\"vendor\": \"Rockwell Automation\", \"product\": \"CompactLogix 5370 L1 controllers\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"versions 33 and prior\"}]}, {\"vendor\": \"Rockwell Automation\", \"product\": \"CompactLogix 5370 L2 controllers\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"versions 33 and prior\"}]}, {\"vendor\": \"Rockwell Automation\", \"product\": \"CompactLogix 5370 L3 controllers\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"versions 33 and prior\"}]}, {\"vendor\": \"Rockwell Automation\", \"product\": \"Compact GuardLogix 5370 controllers\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"versions 33 and prior\"}]}, {\"vendor\": \"Rockwell Automation\", \"product\": \"ControlLogix 5570 controllers\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"versions 33 and prior\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Rockwell Automation recommends affected users apply firmware v33.011 or later.\\n\\nFor more information see the Rockwell Automation advisory (login required).\"}], \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"CVE-22 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2022-07-27T20:18:00.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Yeop Chang reported this vulnerability to CISA.\"}], \"impact\": {\"cvss\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, \"source\": {\"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"versions 33 and prior\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Armor Compact GuardLogix 5370 controllers\"}, {\"version\": {\"version_data\": [{\"version_value\": \"versions 33 and prior\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Armor GuardLogix Safety Controllers\"}, {\"version\": {\"version_data\": [{\"version_value\": \"versions 33 and prior\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"CompactLogix 5370 L1 controllers\"}, {\"version\": {\"version_data\": [{\"version_value\": \"versions 33 and prior\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"CompactLogix 5370 L2 controllers\"}, {\"version\": {\"version_data\": [{\"version_value\": \"versions 33 and prior\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"CompactLogix 5370 L3 controllers\"}, {\"version\": {\"version_data\": [{\"version_value\": \"versions 33 and prior\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"Compact GuardLogix 5370 controllers\"}, {\"version\": {\"version_data\": [{\"version_value\": \"versions 33 and prior\", \"version_affected\": \"\u003c=\"}]}, \"product_name\": \"ControlLogix 5570 controllers\"}]}, \"vendor_name\": \"Rockwell Automation\"}]}}, \"solution\": [{\"lang\": \"en\", \"value\": \"Rockwell Automation recommends affected users apply firmware v33.011 or later.\\n\\nFor more information see the Rockwell Automation advisory (login required).\"}], \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02\", \"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398\", \"name\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CVE-22 Improper Input Validation\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-6998\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-6998\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-17T15:51:02.651Z\", \"dateReserved\": \"2020-01-14T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-07-27T20:18:00.000Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-9R87-PC5M-9W97

Vulnerability from github – Published: 2022-07-28 00:00 – Updated: 2022-08-05 00:00

Details

Severity ?

8.6 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-6998"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-27T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.",
  "id": "GHSA-9r87-pc5m-9w97",
  "modified": "2022-08-05T00:00:31Z",
  "published": "2022-07-28T00:00:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6998"
    },
    {
      "type": "WEB",
      "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

ICSA-21-061-02

Vulnerability from csaf_cisa - Published: 2021-03-02 00:00 - Updated: 2021-03-23 00:00

Summary

Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers (Update A)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Yeop Chang"
        ],
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-21-061-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-061-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-21-061-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-061-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers (Update A)",
    "tracking": {
      "current_release_date": "2021-03-23T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-21-061-02",
      "initial_release_date": "2021-03-02T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2021-03-02T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-21-061-02 Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers"
        },
        {
          "date": "2021-03-23T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-21-061-02 Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers (Update A)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 33",
                "product": {
                  "name": "ControlLogix 5570 controllers :Versions 33 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "ControlLogix 5570 controllers"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 33",
                "product": {
                  "name": "Compact GuardLogix 5370 controllers: Versions 33 and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Compact GuardLogix 5370 controllers"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 33",
                "product": {
                  "name": "CompactLogix 5370 L2 controllers: Versions 33 and prior",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "CompactLogix 5370 L2 controllers"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 33",
                "product": {
                  "name": "CompactLogix 5370 L1 controllers: Versions 33 and prior",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "CompactLogix 5370 L1 controllers"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 33",
                "product": {
                  "name": "Armor Compact GuardLogix 5370 controllers: Versions 33 and prior",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "Armor Compact GuardLogix 5370 controllers"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 33",
                "product": {
                  "name": "CompactLogix 5370 L3 controllers: Versions 33 and prior",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "CompactLogix 5370 L3 controllers"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 33",
                "product": {
                  "name": "Armor GuardLogix Safety Controllers: Versions 33 and prior",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "Armor GuardLogix Safety Controllers"
          }
        ],
        "category": "vendor",
        "name": "Rockwell Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-6998",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The connection establishment algorithm found in CompactLogix 5370 and ControlLogix 5570 does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.CVE-2020-6998 has been assigned to this vulnerability. A CVSS v3 base score of 5.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6998"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Rockwell Automation recommends affected users apply firmware v33.011 or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112\u0026refSoft=1\u0026toggleState=\u0026versions=59325,59316"
        },
        {
          "category": "mitigation",
          "details": "For more information see the Rockwell Automation advisory (login required).",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ]
    }
  ]
}

FKIE_CVE-2020-6998

Vulnerability from fkie_nvd - Published: 2022-07-27 21:15 - Updated: 2025-04-17 16:15

Severity ?

5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398	Permissions Required, Vendor Advisory
ics-cert@hq.dhs.gov	https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
rockwellautomation	armor_compact_guardlogix_5370_firmware	*
rockwellautomation	armor_compact_guardlogix_5370	-
rockwellautomation	compact_guardlogix_5370_firmware	*
rockwellautomation	compact_guardlogix_5370	-
rockwellautomation	compactlogix_5370_l1_firmware	*
rockwellautomation	compactlogix_5370_l1	-
rockwellautomation	compactlogix_5370_l2_firmware	*
rockwellautomation	compactlogix_5370_l2	-
rockwellautomation	compactlogix_5370_l3_firmware	*
rockwellautomation	compactlogix_5370_l3	-
rockwellautomation	controllogix_5570_firmware	*
rockwellautomation	controllogix_5570	-
rockwellautomation	guardlogix_5560_firmware	*
rockwellautomation	guardlogix_5560	-
rockwellautomation	guardlogix_5570_firmware	*
rockwellautomation	guardlogix_5570	-
rockwellautomation	guardlogix_5580_firmware	*
rockwellautomation	guardlogix_5580	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:armor_compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D07CA5-B2C0-483D-A183-60BAD0F6BA65",
              "versionEndIncluding": "33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:armor_compact_guardlogix_5370:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FAA30B-C345-4DD4-A686-50989ADF4CC5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "797BDE9D-193A-4D9B-A38C-B199C99CE958",
              "versionEndIncluding": "33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F951670-AF4D-4429-8BC1-79BDEF83B2C3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02304C1E-786D-4281-8854-6B626F201A29",
              "versionEndIncluding": "33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "848B3145-24E4-445B-958A-4C3F84C4546C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "786B2806-A81A-4160-804A-AE9B2C445D65",
              "versionEndIncluding": "33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65092726-5567-488C-9E32-DC42D34E111D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4274AF4D-445F-454D-8B08-B03B39A5AD5F",
              "versionEndIncluding": "33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52C2F377-6F0D-4752-A4A3-C40604A8575D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "235662B8-4F63-4D1F-9091-8271B85BDB17",
              "versionEndIncluding": "33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "482E2CD6-D484-486C-92F4-18432D107E30",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5560_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC99B037-69C1-4475-B65E-046CA020806A",
              "versionEndIncluding": "33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A42D9BC-9468-479A-873D-52175687FCBD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA97F17B-E8B2-4FF6-A8D8-69D8F6B17F2F",
              "versionEndIncluding": "33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "321AE938-192A-4342-8608-ADC81F0B6582",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56F5CA1-02BF-4AC2-9963-F09E8390EC92",
              "versionEndIncluding": "33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "006B7683-9FDF-4748-BA28-2EA22613E092",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products."
    },
    {
      "lang": "es",
      "value": "El algoritmo de establecimiento de conexi\u00f3n encontrado en Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versiones 33 y anteriores, no administra suficientemente su flujo de control durante la ejecuci\u00f3n, creando un bucle infinito. Esto puede permitir a un atacante enviar peticiones de paquetes CIP especialmente dise\u00f1ados a un controlador, lo que puede causar condiciones de denegaci\u00f3n de servicio en las comunicaciones con otros productos"
    }
  ],
  "id": "CVE-2020-6998",
  "lastModified": "2025-04-17T16:15:21.730",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-27T21:15:08.297",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GSD-2020-6998

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-6998

Aliases

CVE-2020-6998

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-6998",
    "description": "The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.",
    "id": "GSD-2020-6998"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-6998"
      ],
      "details": "The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.",
      "id": "GSD-2020-6998",
      "modified": "2023-12-13T01:21:55.350983Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2020-6998",
        "STATE": "PUBLIC",
        "TITLE": "Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Armor Compact GuardLogix 5370 controllers",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "versions 33 and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Armor GuardLogix Safety Controllers",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "versions 33 and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CompactLogix 5370 L1 controllers",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "versions 33 and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CompactLogix 5370 L2 controllers",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "versions 33 and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "CompactLogix 5370 L3 controllers",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "versions 33 and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Compact GuardLogix 5370 controllers",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "versions 33 and prior"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ControlLogix 5570 controllers",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "versions 33 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Rockwell Automation"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Yeop Chang reported this vulnerability to CISA."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CVE-22 Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02",
            "refsource": "CONFIRM",
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02"
          },
          {
            "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398",
            "refsource": "CONFIRM",
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Rockwell Automation recommends affected users apply firmware v33.011 or later.\n\nFor more information see the Rockwell Automation advisory (login required)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:armor_compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "33",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:armor_compact_guardlogix_5370:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5370_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "33",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5370:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "33",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "33",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:compactlogix_5370_l3_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "33",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:compactlogix_5370_l3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:controllogix_5570_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "33",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:controllogix_5570:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:guardlogix_5560_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "33",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:guardlogix_5560:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:guardlogix_5570_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "33",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:guardlogix_5570:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "33",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-6998"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398",
              "refsource": "CONFIRM",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398"
            },
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2022-08-04T02:39Z",
      "publishedDate": "2022-07-27T21:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-6998 (GCVE-0-2020-6998)

GHSA-9R87-PC5M-9W97

ICSA-21-061-02

FKIE_CVE-2020-6998

GSD-2020-6998

Tags

Sightings

Nomenclature