CVE-2020-6998

Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation

Description

The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.

Remediation

Solution:

  • Rockwell Automation recommends affected users apply firmware v33.011 or later. For more information see the Rockwell Automation advisory (login required).

CVSS 3.1 score: 5.8
Severity: Medium
EPSS: 0.07%
Vendor Advisory: custhelp.com
Affected: Rockwell Automation Armor Compact GuardLogix 5370 controllers
Affected: Rockwell Automation Armor GuardLogix Safety Controllers
Affected: Rockwell Automation CompactLogix 5370 L1 controllers
Affected: Rockwell Automation CompactLogix 5370 L2 controllers
Affected: Rockwell Automation CompactLogix 5370 L3 controllers
Affected: Rockwell Automation Compact GuardLogix 5370 controllers
Affected: Rockwell Automation ControlLogix 5570 controllers

Frequently Asked Questions

What is the severity of CVE-2020-6998?
CVE-2020-6998 has been scored as a medium severity vulnerability.
How to fix CVE-2020-6998?
To fix CVE-2020-6998: Rockwell Automation recommends affected users apply firmware v33.011 or later. For more information see the Rockwell Automation advisory (login required).
Is CVE-2020-6998 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2020-6998 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-6998?
CVE-2020-6998 affects Rockwell Automation Armor Compact GuardLogix 5370 controllers, Rockwell Automation Armor GuardLogix Safety Controllers, Rockwell Automation CompactLogix 5370 L1 controllers, Rockwell Automation CompactLogix 5370 L2 controllers, Rockwell Automation CompactLogix 5370 L3 controllers, Rockwell Automation Compact GuardLogix 5370 controllers, Rockwell Automation ControlLogix 5570 controllers.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.