Rockwell Automation ControlLogix Redundancy Module Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Rockwell Automation ControlLogix Redundancy Module 1756-RM2, all versions. This vulnerability can be triggered by various crafted inputs, such as malformed Class 3 messages, conditions that cause memory leaks, and other scenarios that exhaust system resources. Exploitation of this vulnerability may lead to the device becoming unresponsive and, in some cases, causing a major nonrecoverable fault, requiring a restart for recovery.

Impact

Exploitation of this vulnerability can cause the device to become unresponsive, leading to a denial-of-service condition. In some cases, it may result in a major nonrecoverable fault, requiring a device restart to recover.

Remediation

Rockwell Automation recommends upgrading from the 1756-RM2 to the 1756-RM3. For customers unable to upgrade, it is advised to follow Rockwell Automation's security best practices.