A high-severity denial-of-service vulnerability in the Rockwell Automation MicroLogix 1100 allows unauthenticated remote attackers to crash the controller during operation.

This vulnerability allows a remote, unauthenticated attacker to send specially crafted commands to the PLC. When the controller is switched to RUN mode, these commands trigger a fault, resulting in a persistent denial-of-service condition.

With a CVSS score of 8.6, this vulnerability poses a severe threat to industrial availability. Exploitation forces the controller to fault, effectively disabling the automated system. This could lead to unplanned production outages, requiring manual intervention to restore normal operations.

Immediate Action: Refer to the CISA ICS advisory (ICSA-21-189-01) and apply the vendor-recommended updates or mitigating configurations immediately.

Proactive Monitoring: Monitor PLC status and error logs for unexpected fault conditions or unauthorized command sequences.

Compensating Controls: Isolate the PLC from external networks and strictly control access to the controller’s communication interfaces to prevent unauthenticated command injection.

Public Exploit Available: false

Given that this vulnerability affects all versions of the MicroLogix 1100 and leads to a total denial-of-service, it must be addressed immediately. Organizations should prioritize network isolation and vendor-provided patches to ensure the resilience of their control systems.