Lucene search

[email protected]CVE-2020-6998

HistoryJul 27, 2022 - 9:15 p.m.

CVE-2020-6998

2022-07-2721:15:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2020-6998

rockwell automation

compactlogix 5370

controllogix 5570

denial of service

cip packet

nvd

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

25.8%

JSON

The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.

CPENameOperatorVersion
rockwellautomation:armor_compact_guardlogix_5370_firmwarerockwellautomation armor compact guardlogix 5370 firmwarele33
rockwellautomation:compact_guardlogix_5370_firmwarerockwellautomation compact guardlogix 5370 firmwarele33
rockwellautomation:compactlogix_5370_l1_firmwarerockwellautomation compactlogix 5370 l1 firmwarele33
rockwellautomation:compactlogix_5370_l2_firmwarerockwellautomation compactlogix 5370 l2 firmwarele33
rockwellautomation:compactlogix_5370_l3_firmwarerockwellautomation compactlogix 5370 l3 firmwarele33
rockwellautomation:controllogix_5570_firmwarerockwellautomation controllogix 5570 firmwarele33
rockwellautomation:guardlogix_5560_firmwarerockwellautomation guardlogix 5560 firmwarele33
rockwellautomation:guardlogix_5570_firmwarerockwellautomation guardlogix 5570 firmwarele33
rockwellautomation:guardlogix_5580_firmwarerockwellautomation guardlogix 5580 firmwarele33

CPE	Name	Operator	Version
rockwellautomation:armor_compact_guardlogix_5370_firmware	rockwellautomation armor compact guardlogix 5370 firmware	le	33
rockwellautomation:compact_guardlogix_5370_firmware	rockwellautomation compact guardlogix 5370 firmware	le	33
rockwellautomation:compactlogix_5370_l1_firmware	rockwellautomation compactlogix 5370 l1 firmware	le	33
rockwellautomation:compactlogix_5370_l2_firmware	rockwellautomation compactlogix 5370 l2 firmware	le	33
rockwellautomation:compactlogix_5370_l3_firmware	rockwellautomation compactlogix 5370 l3 firmware	le	33
rockwellautomation:controllogix_5570_firmware	rockwellautomation controllogix 5570 firmware	le	33
rockwellautomation:guardlogix_5560_firmware	rockwellautomation guardlogix 5560 firmware	le	33
rockwellautomation:guardlogix_5570_firmware	rockwellautomation guardlogix 5570 firmware	le	33
rockwellautomation:guardlogix_5580_firmware	rockwellautomation guardlogix 5580 firmware	le	33

References

rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398

www.cisa.gov/uscert/ics/advisories/icsa-21-061-02

Social References

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for CVE-2020-6998

ics1 nessus1 prion1 cvelist1