July 17, 2018

The NCCIC has updated this advisory with additional details on affected products. NCCIC/ICS-CERT.

June 21, 2018

The NCCIC has released an advisory on an improper input validation vulnerability in Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix. Numerous products and versions of products are affected. Successful exploitation of this vulnerability could result in a denial-of-service condition. As a result, the controller goes into a Major Non-Recoverable Fault (MNRF) state, which is considered safe. However, recovery requires the user to download the application program again. Rockwell Automation recommends users with affected controllers apply firmware revision FRN (31.011 or later) to the affected products. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.