CVE-2017-9312

Vulnerability

The vulnerability resides in the TCP/IP stack of Allen-Bradley CompactLogix and GuardLogix 5370 controllers (including L30ERMS devices) running version 30.014 and prior [1]. Improper input validation in option-field processing allows a single crafted TCP packet to trigger an immediate reboot.

Exploitation

An attacker can exploit this remotely without authentication or user interaction [1]. The attacker only needs to send a specially crafted TCP packet to the device's network interface. The vulnerability is rated as low skill level to exploit [1].

Impact

Successful exploitation causes the controller to enter a Major Non-Recoverable Fault (MNRF) state, resulting in a denial-of-service condition [1]. While the controller goes into a safe state, recovery requires the user to download the application program again [1].

Mitigation

Rockwell Automation recommends upgrading to the latest firmware version (post-30.014) to remediate the issue [1]. As of the advisory, no specific workarounds are available, but the controller's fail-safe behavior mitigates physical damage [1].