CVE-2024-8626

Published: Oct 8, 2024Modified: Feb 27, 2025

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: PSIRT@rockwellautomation.com (Secondary)

Description

Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.

Affected (6)

Products: Rockwellautomation: Compactlogix 5380 Firmware, Compact Guardlogix 5380 Firmware, Compactlogix 5480 Firmware, Controllogix 5580 Firmware, Guardlogix 5580 Firmware, 1756 En4tr Firmware

Rockwellautomation

6 products

Compactlogix 5380 Firmware

Compact Guardlogix 5380 Firmware

Compactlogix 5480 Firmware

Controllogix 5580 Firmware

Guardlogix 5580 Firmware

1756 En4tr Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 5380 Firmware	From 33.011 to 33.015

Running on/with	Platform Versions
Rockwellautomation Compactlogix 5380	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compact Guardlogix 5380 Firmware	From 33.011 to 33.015

Running on/with	Platform Versions
Rockwellautomation Compact Guardlogix 5380	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Compactlogix 5480 Firmware	From 33.011 to 33.015

Running on/with	Platform Versions
Rockwellautomation Compactlogix 5480	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Controllogix 5580 Firmware	From 33.011 to 33.015

Running on/with	Platform Versions
Rockwellautomation Controllogix 5580	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Guardlogix 5580 Firmware	From 33.011 to 33.015

Running on/with	Platform Versions
Rockwellautomation Guardlogix 5580	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation 1756 En4tr Firmware	Version 3.002

Running on/with	Platform Versions
Rockwellautomation 1756 En4tr	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (1)

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html

Source: PSIRT@rockwellautomation.com

Vendor Advisory

Timeline

No history available yet.