Horizon Alert
Summary of the vulnerability and why it matters
A denial-of-service vulnerability has been identified in specific industrial controllers that could allow a remote user to cause a critical, unrecoverable system fault. The main concern is confirming relevance and exposure within your operational technology environments.
- Remote attackers can cause system failure.
- Affects industrial controllers; confirm operational relevance.
- Understand potential operational disruption.
Attack Path
How an attacker could exploit the issue
An attacker could target this vulnerability by remotely sending specially crafted project data to a vulnerable controller. If the controller attempts to load this invalid project, it can become unresponsive due to a critical, unrecoverable fault.
- Remote access to the controller is required.
- Loading an invalid project triggers the issue.
- The device enters a major fault state.
Live Threat
Current exploitation, exposure, and threat context
This vulnerability could affect the availability of 5370/5570 controllers when an invalid project is loaded remotely. This may cause the device to enter a major non-recoverable fault (MNRF), disrupting its normal operations.
- Controller availability is at risk.
- Remote loading of invalid projects.
- Device enters unrecoverable fault.
Operational Fix
Recommended remediation, mitigation, and detection steps
The denial-of-service vulnerability in 5370/5570 controllers, which can be triggered by loading an invalid project, likely falls under the responsibility of operational technology (OT) infrastructure teams or platform owners. The first practical step is to identify all deployed 5370/5570 controllers within the environment, determine their network reachability and business criticality, and confirm the accountable owner before planning remediation.
- Identify controller ownership and scope.
- Verify device reachability and criticality.
- Plan remediation based on risk.