CVE Vulnerability Details: CVE-2020-6998
PUBLISHED
Assigner: icscert
Assigner Org ID: 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At: 27 Jul, 2022 | 20:18
Updated At: 17 Apr, 2025 | 15:51
CVE Numbering Authority (CNA)
Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation

The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.

Affected Products

Vendor: Rockwell Automation, Inc. (Rockwell Automation)
Product: Armor Compact GuardLogix 5370 controllers
Versions affected: From unspecified through versions 33 and prior (custom)

Vendor: Rockwell Automation, Inc. (Rockwell Automation)
Product: Armor GuardLogix Safety Controllers
Versions affected: From unspecified through versions 33 and prior (custom)

Vendor: Rockwell Automation, Inc. (Rockwell Automation)
Product: CompactLogix 5370 L1 controllers
Versions affected: From unspecified through versions 33 and prior (custom)

Vendor: Rockwell Automation, Inc. (Rockwell Automation)
Product: CompactLogix 5370 L2 controllers
Versions affected: From unspecified through versions 33 and prior (custom)

Vendor: Rockwell Automation, Inc. (Rockwell Automation)
Product: CompactLogix 5370 L3 controllers
Versions affected: From unspecified through versions 33 and prior (custom)

Vendor: Rockwell Automation, Inc. (Rockwell Automation)
Product: Compact GuardLogix 5370 controllers
Versions affected: From unspecified through versions 33 and prior (custom)

Vendor: Rockwell Automation, Inc. (Rockwell Automation)
Product: ControlLogix 5570 controllers
Versions affected: From unspecified through versions 33 and prior (custom)

Problem Types
Type: text
CWE ID: N/A
Description: CVE-22 Improper Input Validation

Metrics
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Solutions

Rockwell Automation recommends affected users apply firmware v33.011 or later. For more information see the Rockwell Automation advisory (login required).

Credits

Yeop Chang reported this vulnerability to CISA.

References
  • https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02 (x_refsource_CONFIRM)
  • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398 (x_refsource_CONFIRM)

Authorized Data Publishers (ADP)
1. CVE Program Container
References
  • https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-02 (x_refsource_CONFIRM, x_transferred)
  • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130398 (x_refsource_CONFIRM, x_transferred)

2. CISA ADP Vulnrichment
Problem Types
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation