Controllogix 5580 Compactlogix 5380 Guardlogix 5580 Compact Guardlogix 5380 1756 En4Tr
Monthly
Certificate revocation bypass in Rockwell Automation ControlLogix 5580, CompactLogix 5380, GuardLogix 5580, Compact GuardLogix 5380, and 1756-EN4TR (EN4) communication modules allows a network-based attacker to establish a CIP Security connection using a certificate whose issuing intermediate CA has been revoked. Because the controller does not honor the Certificate Revocation List (CRL) for a revoked intermediate, an attacker holding such a certificate can present it as trusted and bypass CIP Security authentication. No public exploit identified at time of analysis; the vendor rates it CVSS 4.0 8.2 (High).
Certificate revocation bypass in Rockwell Automation ControlLogix 5580, CompactLogix 5380, GuardLogix 5580, Compact GuardLogix 5380, and 1756-EN4TR (EN4) communication modules allows a network-based attacker to establish a CIP Security connection using a certificate whose issuing intermediate CA has been revoked. Because the controller does not honor the Certificate Revocation List (CRL) for a revoked intermediate, an attacker holding such a certificate can present it as trusted and bypass CIP Security authentication. No public exploit identified at time of analysis; the vendor rates it CVSS 4.0 8.2 (High).