CVE-2024-6077

Solution:

• Affected Family         First Known in Software/Firmware Version         Corrected in Software/Firmware Version         CompactLogix 5380               v.32 .011         v33.017, v34.014, v35.013, v36.011 and later         CompactLogix 5380 Process         v.33.011         v33.017, v34.014, v35.013, v36.011 and later         Compact GuardLogix 5380 SIL 2         v.32.013         v33.017, v34.014, v35.013, v36.011 and later         Compact GuardLogix 5380 SIL 3         v.32.011         v33.017, v34.014, v35.013, v36.011 and later         CompactLogix 5480         v.32.011         v33.017, v34.014, v35.013, v36.011 and later         ControlLogix® 5580         v.32.011         v33.017, v34.014, v35.013, v36.011 and later         ControlLogix® 5580 Process         v.33.011         v33.017, v34.014, v35.013, v36.011 and later         GuardLogix 5580         v.32.011         v33.017, v34.014, v35.013, v36.011 and later         1756-EN4         v2.001         v6.001 and later       Mitigations and Workarounds Customers who are unable to upgrade to the corrected software versions are encouraged to apply the following risk mitigations. * Users who do not wish to use CIP security can disable the feature per device. See "Disable CIP Security" in Chapter 2 of "CIP Security with Rockwell Automation Products" (publication SECURE-AT001) For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight  to minimize the risk of the vulnerability. Customers can use Stakeholder-Specific Vulnerability Categorization https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc  to generate more environment-specific prioritization.