CVE-2024-7515

Published: Aug 14, 2024Modified: Mar 4, 2025

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: PSIRT@rockwellautomation.com (Secondary)

Description

CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller.

Affected (12)

Products: Rockwellautomation: Compactlogix 5380 Firmware, Controllogix 5580 Firmware, Guardlogix 5580 Firmware, Compact Guardlogix 5380 Sil 2 Firmware, Compact Guardlogix 5380 Sil 3 Firmware, Compactlogix 5480 Firmware

Rockwellautomation

6 products

Compactlogix 5380 Firmware

Controllogix 5580 Firmware

Guardlogix 5580 Firmware

Compact Guardlogix 5380 Sil 2 Firmware

Compact Guardlogix 5380 Sil 3 Firmware

Compactlogix 5480 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 5380 Firmware	From 28.011 to 34.014
Rockwellautomation Compactlogix 5380 Firmware	Version 35.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 5380	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Controllogix 5580 Firmware	From 28.011 to 34.014
Rockwellautomation Controllogix 5580 Firmware	Version 35.011

Running on/with	Platform Versions
Rockwellautomation Controllogix 5580	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Guardlogix 5580 Firmware	From 31.011 to 34.014
Rockwellautomation Guardlogix 5580 Firmware	Version 35.011

Running on/with	Platform Versions
Rockwellautomation Guardlogix 5580	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compact Guardlogix 5380 Sil 2 Firmware	From 31.011 to 34.014
Rockwellautomation Compact Guardlogix 5380 Sil 2 Firmware	Version 35.011

Running on/with	Platform Versions
Rockwellautomation Compact Guardlogix 5380 Sil 2	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compact Guardlogix 5380 Sil 3 Firmware	From 32.013 to 34.014
Rockwellautomation Compact Guardlogix 5380 Sil 3 Firmware	Version 35.011

Running on/with	Platform Versions
Rockwellautomation Compact Guardlogix 5380 Sil 3	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 5480 Firmware	From 32.011 to 34.014
Rockwellautomation Compactlogix 5480 Firmware	Version 35.011

Running on/with	Platform Versions
Rockwellautomation Compactlogix 5480	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201686.html

Source: PSIRT@rockwellautomation.com

Vendor Advisory

Timeline

No history available yet.