CVE-2020-6998
published 2022-07-27


Priority: P346
Severity: high, 8.6 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS: 1.74% (74.9th percentile)
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.

Affected

16 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| rockwell_automation | armor_compact_guardlogix_5370_controllers | unspecified – versions 33 and prior | |
| rockwell_automation | armor_guardlogix_safety_controllers | unspecified – versions 33 and prior | |
| rockwell_automation | compact_guardlogix_5370_controllers | unspecified – versions 33 and prior | |
| rockwell_automation | compactlogix_5370_l1_controllers | unspecified – versions 33 and prior | |
| rockwell_automation | compactlogix_5370_l2_controllers | unspecified – versions 33 and prior | |
| rockwell_automation | compactlogix_5370_l3_controllers | unspecified – versions 33 and prior | |
| rockwell_automation | controllogix_5570_controllers | unspecified – versions 33 and prior | |
| rockwellautomation | armor_compact_guardlogix_5370_firmware | <= 33 | |
| rockwellautomation | compact_guardlogix_5370_firmware | <= 33 | |
| rockwellautomation | compactlogix_5370_l1_firmware | <= 33 | |
| rockwellautomation | compactlogix_5370_l2_firmware | <= 33 | |
| rockwellautomation | compactlogix_5370_l3_firmware | <= 33 | |
| rockwellautomation | controllogix_5570_firmware | <= 33 | |
| rockwellautomation | guardlogix_5560_firmware | <= 33 | |
| rockwellautomation | guardlogix_5570_firmware | <= 33 | |
| rockwellautomation | guardlogix_5580_firmware | <= 33 | |