Rockwell Automation CompactLogix 5370 (ICSA-19-120-01)

The NCCIC has released an advisory on uncontrolled resource consumption and stack-based buffer overflow vulnerabilities in Rockwell Automation CompactLogix 5370. Multiple products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to render the web server unavailable and/or place the controller in a major non-recoverable faulted state (MNRF). Rockwell Automation strongly encourages users to apply the latest available version of firmware to keep up to date with the latest features, anomaly fixes, and security improvements. The NCCIC also provides a series of recommendations for addressing the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.