Affected Family

First Known in Software/Firmware Version

Corrected in Software/Firmware Version

CompactLogix 5380

v.32 .011

v33.017, v34.014, v35.013, v36.011 and later

CompactLogix 5380 Process

v.33.011

v33.017, v34.014, v35.013, v36.011 and later

Compact GuardLogix 5380 SIL 2

v.32.013

v33.017, v34.014, v35.013, v36.011 and later

Compact GuardLogix 5380 SIL 3

v.32.011

v33.017, v34.014, v35.013, v36.011 and later

CompactLogix 5480

v.32.011

v33.017, v34.014, v35.013, v36.011 and later

ControlLogix® 5580

v.32.011

v33.017, v34.014, v35.013, v36.011 and later

ControlLogix® 5580 Process

v.33.011

v33.017, v34.014, v35.013, v36.011 and later

GuardLogix 5580

v.32.011

v33.017, v34.014, v35.013, v36.011 and later

1756-EN4

v2.001

v6.001 and later

Mitigations and Workarounds
Customers who are unable to upgrade to the corrected software versions are encouraged to apply the following risk mitigations.

Users who do not wish to use CIP security can disable the feature per device. See "Disable CIP Security" in Chapter 2 of "CIP Security with Rockwell Automation Products" (publication SECURE-AT001)

For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.

Compact Guardlogix 5380 Sil 3 Firmware Security Vulnerabilities