CVE-2024-6077

Published: Sep 12, 2024Modified: Sep 19, 2024

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: PSIRT@rockwellautomation.com (Secondary)

Description

A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.

Affected (7)

Products: Rockwellautomation: Compactlogix 5380 Firmware, Compact Guardlogix 5380 Sil 2 Firmware, Compact Guardlogix 5380 Sil 3 Firmware, Compactlogix 5480 Firmware, Controllogix 5580 Firmware, Guardlogix 5580 Firmware, 1756 En4 Firmware

Rockwellautomation

7 products

Compactlogix 5380 Firmware

Compact Guardlogix 5380 Sil 2 Firmware

Compact Guardlogix 5380 Sil 3 Firmware

Compactlogix 5480 Firmware

Controllogix 5580 Firmware

Guardlogix 5580 Firmware

1756 En4 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 5380 Firmware	Version 32.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 5380	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compact Guardlogix 5380 Sil 2 Firmware	Version 32.013

Running on/with	Platform Versions
Rockwellautomation Compact Guardlogix 5380 Sil 2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compact Guardlogix 5380 Sil 3 Firmware	Version 32.011

Running on/with	Platform Versions
Rockwellautomation Compact Guardlogix 5380 Sil 3	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 5480 Firmware	Version 32.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 5480	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Controllogix 5580 Firmware	Version 33.011

Running on/with	Platform Versions
Rockwellautomation Controllogix 5580	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Guardlogix 5580 Firmware	Version 32.011

Running on/with	Platform Versions
Rockwellautomation Guardlogix 5580	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation 1756 En4 Firmware	Version 2.001

Running on/with	Platform Versions
Rockwellautomation 1756 En4	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1963.html

Source: PSIRT@rockwellautomation.com

Vendor Advisory

Timeline

No history available yet.