Vulnerabilites related to rockwellautomation - 1756-en4tr_firmware
Vulnerability from fkie_nvd
Published
2024-04-15 22:15
Modified
2025-03-04 17:43
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:35.011:*:*:*:*:*:*:*", matchCriteriaId: "A29D3775-CAB3-45CF-96CE-71D0672C7E37", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*", matchCriteriaId: "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:35.011:*:*:*:*:*:*:*", matchCriteriaId: "64CAC9B1-19E5-44BB-B814-DDA98B7290E4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*", matchCriteriaId: "006B7683-9FDF-4748-BA28-2EA22613E092", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:35.011:*:*:*:*:*:*:*", matchCriteriaId: "305CDBFF-404A-45F5-A391-1B18F446D1B8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*", matchCriteriaId: "EDD040ED-B44C-47D0-B4D4-729C378C4F68", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:35.011:*:*:*:*:*:*:*", matchCriteriaId: "9232043F-8A87-446C-8B7E-F8E400AA6F68", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*", matchCriteriaId: "62414E65-73C7-4172-B7BF-F40A66AFBB90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:5.001:*:*:*:*:*:*:*", matchCriteriaId: "91162BBB-AD61-4191-B00A-FDE767268F13", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*", matchCriteriaId: "898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:35.011:*:*:*:*:*:*:*", matchCriteriaId: "4A1541AE-A429-455E-94C4-3420183CE7CF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:controllogix_5580_process:-:*:*:*:*:*:*:*", matchCriteriaId: "AFEDADD8-01DE-4AE5-A0D7-532347FA7DB2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5380_process_firmware:35.011:*:*:*:*:*:*:*", matchCriteriaId: "DF838222-B4B6-4A66-B3CE-55E643368754", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5380_process:-:*:*:*:*:*:*:*", matchCriteriaId: "77BCC249-D601-4A82-9247-C0981BF990FC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:35.011:*:*:*:*:*:*:*", matchCriteriaId: "61F8EA3B-C51C-4CB1-9BB3-017577DC6684", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*", matchCriteriaId: "80F4F5BE-07DF-402A-BF98-34FBA6A11968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nA specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. \n\n", }, { lang: "es", value: "Un tipo de paquete fragmentado con formato incorrecto específico (los dispositivos que envían grandes cantidades de datos pueden generar paquetes fragmentados automáticamente) puede causar una falla mayor no recuperable (MNRF) en ControlLogix 5580, Guard Logix 5580, CompactLogix 5380 y 1756-EN4TR de Rockwell Automation. Si se explota, el producto afectado dejará de estar disponible y requerirá un reinicio manual para recuperarlo. Además, un MNRF podría provocar una pérdida de visión y/o control de los dispositivos conectados.", }, ], id: "CVE-2024-3493", lastModified: "2025-03-04T17:43:27.223", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "PSIRT@rockwellautomation.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-15T22:15:09.073", references: [ { source: "PSIRT@rockwellautomation.com", tags: [ "Broken Link", ], url: "https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html", }, ], sourceIdentifier: "PSIRT@rockwellautomation.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "PSIRT@rockwellautomation.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-08 17:15
Modified
2025-02-27 19:30
Severity ?
Summary
Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ADC47AB0-6712-473D-976D-4FE7CCFC2532", versionEndExcluding: "33.015", versionStartIncluding: "33.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*", matchCriteriaId: "EDD040ED-B44C-47D0-B4D4-729C378C4F68", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C7450A3-7B44-4CDE-B71A-91F4A695B922", versionEndExcluding: "33.015", versionStartIncluding: "33.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*", matchCriteriaId: "62414E65-73C7-4172-B7BF-F40A66AFBB90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "209FB84C-5C5D-49D4-B7EF-24BCF8448CDD", versionEndExcluding: "33.015", versionStartIncluding: "33.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*", matchCriteriaId: "80F4F5BE-07DF-402A-BF98-34FBA6A11968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C2411ED-FD7A-4A60-87EE-9B530050CCF1", versionEndExcluding: "33.015", versionStartIncluding: "33.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*", matchCriteriaId: "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D37F9CEA-510D-41EE-B999-F86AF481ACEC", versionEndExcluding: "33.015", versionStartIncluding: "33.011", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*", matchCriteriaId: "006B7683-9FDF-4748-BA28-2EA22613E092", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:3.002:*:*:*:*:*:*:*", matchCriteriaId: "6CF51B29-F0CF-44DC-819E-4DC700D82BA7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*", matchCriteriaId: "898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.", }, { lang: "es", value: "Debido a una fuga de memoria, existe una vulnerabilidad de denegación de servicio en los productos afectados de Rockwell Automation. Un agente malintencionado podría aprovechar esta vulnerabilidad realizando múltiples acciones en determinadas páginas web del producto, lo que provocaría que los productos afectados dejaran de estar disponibles por completo y fuera necesario apagar y encender para recuperarse.", }, ], id: "CVE-2024-8626", lastModified: "2025-02-27T19:30:07.490", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 8.7, baseSeverity: "HIGH", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "PSIRT@rockwellautomation.com", type: "Secondary", }, ], }, published: "2024-10-08T17:15:56.240", references: [ { source: "PSIRT@rockwellautomation.com", tags: [ "Vendor Advisory", ], url: "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html", }, ], sourceIdentifier: "PSIRT@rockwellautomation.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "PSIRT@rockwellautomation.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-12 13:15
Modified
2024-11-21 08:17
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT@rockwellautomation.com | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010 | Permissions Required, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "DB4EB5E2-9FB4-419E-B23A-458436E61121", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*", matchCriteriaId: "898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:1756-en4trk_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AEF09D94-1AE1-4449-8ECA-0A5B1F5019C9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:*", matchCriteriaId: "4BE4EFEA-79D9-4903-8272-49756A014BD4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:rockwellautomation:1756-en4trxt_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "12EE978F-DECE-4572-93AE-026D3EDC5878", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:*", matchCriteriaId: "E45471FA-99BF-4F57-BFC8-224BB9576670", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\n\n", }, ], id: "CVE-2023-3596", lastModified: "2024-11-21T08:17:37.873", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "PSIRT@rockwellautomation.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-12T13:15:09.947", references: [ { source: "PSIRT@rockwellautomation.com", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010", }, ], sourceIdentifier: "PSIRT@rockwellautomation.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "PSIRT@rockwellautomation.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2023-3596
Vulnerability from cvelistv5
Published
2023-07-12 12:51
Modified
2024-11-07 16:59
Severity ?
EPSS score ?
Summary
Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Rockwell Automation | 1756-EN4TR Series A |
Version: <=5.001 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:01:56.685Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "1756-en4tr", vendor: "rockwellautomation", versions: [ { lessThanOrEqual: "5.001", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:rockwellautomation:1756-en4trk:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "1756-en4trk", vendor: "rockwellautomation", versions: [ { lessThanOrEqual: "5.001", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:rockwellautomation:1756-en4trxt:-:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "1756-en4trxt", vendor: "rockwellautomation", versions: [ { lessThanOrEqual: "5.001", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-3596", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-07T16:56:23.761081Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-07T16:59:33.267Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "1756-EN4TR Series A", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "<=5.001", }, ], }, { defaultStatus: "unaffected", product: "1756-EN4TRK Series A", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "<=5.001", }, ], }, { defaultStatus: "unaffected", product: "1756-EN4TRXT Series A\t", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "<=5.001", }, ], }, ], datePublic: "2023-07-12T12:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.</span>\n\n", }, ], value: "\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\n\n", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-12T13:16:21.672Z", orgId: "b73dd486-f505-4403-b634-40b078b177f0", shortName: "Rockwell", }, references: [ { url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<ul><li><strong>Update firmware. </strong>Update EN4* ControlLogix communications modules to firmware revision 5.002. </li><li><strong>Properly segment networks.</strong> Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks. </li><li><strong>Implement detection signatures.</strong> Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices. </li></ul>\n\n<br>", }, ], value: "\n * Update firmware. Update EN4* ControlLogix communications modules to firmware revision 5.002. \n * Properly segment networks. Given a cyber actor would require network connectivity to the communication module to exploit the vulnerability, organizations should ensure ICS/SCADA networks are properly segmented within the process structure as well as from the Internet and other non-essential networks. \n * Implement detection signatures. Use appended Snort signatures to monitor and detect anomalous Common Industrial Protocol (CIP) packets to Rockwell Automation devices. \n\n\n\n\n\n", }, ], source: { discovery: "UNKNOWN", }, title: "Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service ", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b73dd486-f505-4403-b634-40b078b177f0", assignerShortName: "Rockwell", cveId: "CVE-2023-3596", datePublished: "2023-07-12T12:51:19.498Z", dateReserved: "2023-07-10T15:34:53.790Z", dateUpdated: "2024-11-07T16:59:33.267Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8626
Vulnerability from cvelistv5
Published
2024-10-08 16:35
Modified
2024-10-08 17:36
Severity ?
EPSS score ?
Summary
Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Rockwell Automation | CompactLogix 5380 controllers |
Version: v33.011 < |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "compactlogix_5380_firmware", vendor: "rockwellautomation", versions: [ { lessThan: "33.015", status: "affected", version: "33.011", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "compact_guardlogix_5380_firmware", vendor: "rockwellautomation", versions: [ { lessThan: "33.015", status: "affected", version: "33.011", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "compactlogix_5480_firmware", vendor: "rockwellautomation", versions: [ { lessThan: "33.015", status: "affected", version: "33.011", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "guardlogix_5580_firmware", vendor: "rockwellautomation", versions: [ { lessThan: "33.015", status: "affected", version: "33.001", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:3.002:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "1756-en4tr_firmware", vendor: "rockwellautomation", versions: [ { status: "affected", version: "3.002", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8626", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T17:29:59.695076Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T17:36:25.719Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "CompactLogix 5380 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "v33.011 <", }, ], }, { defaultStatus: "unaffected", product: "Compact GuardLogix® 5380 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "v33.011<", }, ], }, { defaultStatus: "unaffected", product: "CompactLogix 5480 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "v33.011<", }, ], }, { defaultStatus: "unaffected", product: "GuardLogix 5580 controllers", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "v33.011<", }, ], }, { defaultStatus: "unaffected", product: "1756-EN4TR", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "v3.002", }, ], }, ], datePublic: "2024-10-08T16:24:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. </span>", }, ], value: "Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.", }, ], impacts: [ { capecId: "CAPEC-124", descriptions: [ { lang: "en", value: "CAPEC-124 Shared Resource Manipulation", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 8.7, baseSeverity: "HIGH", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T16:35:04.513Z", orgId: "b73dd486-f505-4403-b634-40b078b177f0", shortName: "Rockwell", }, references: [ { url: "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<table><tbody><tr><td><p><br>Affected Product </p></td><td><p> </p><p> </p><p>First Known in firmware Revision</p><p> </p><p> </p></td><td><p> </p><p> </p><p>Corrected in Firmware Revision</p><p> </p><p> </p></td></tr><tr><td><p> </p><p> </p><p>CompactLogix 5380 controllers</p><p> </p><p> </p></td><td><p> </p><p> </p><p>v33.011 <</p><p> </p><p> </p></td><td rowspan=\"5\"><p> </p><p> </p><p> </p><p> </p><p> </p><p> </p><p> </p><p> </p><ul><li><p>v33.015 and later for versions 33</p></li></ul><p> </p><p> </p><ul><li><p>v34.011 and later</p></li></ul><p> </p><p> </p><p> </p><p> </p><p> </p></td></tr><tr><td><p> </p><p> </p><p>Compact GuardLogix® 5380 controllers</p><p> </p><p> </p></td><td><p> </p><p> </p><p>v33.011<</p><p> </p><p> </p></td></tr><tr><td><p> </p><p> </p><p>CompactLogix 5480 controllers</p><p> </p><p> </p></td><td><p> </p><p> </p><p>v33.011<</p><p> </p><p> </p></td></tr><tr><td><p> </p><p> </p><p>ControlLogix 5580 controllers</p><p> </p><p> </p></td><td><p> </p><p> </p><p>v33.011<</p><p> </p><p> </p></td></tr><tr><td><p> </p><p> </p><p>GuardLogix 5580 controllers</p><p> </p><p> </p></td><td><p> </p><p> </p><p>v33.011<</p><p> </p><p> </p></td></tr><tr><td><p> </p><p> </p><p>1756-EN4TR</p><p> </p><p> </p></td><td><p> </p><p> </p><p>v3.002</p><p> </p><p> </p></td><td><p> </p><p> </p><ul><li><p>4.001 and later</p></li></ul><p> </p><p> </p></td></tr></tbody></table><br>\n\n<p>Mitigations and Workarounds </p><p>Customers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. </p><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a> </p></li></ul>\n\n<br>", }, ], value: "Affected Product \n\n \n\n \n\nFirst Known in firmware Revision\n\n \n\n \n\n \n\n \n\nCorrected in Firmware Revision\n\n \n\n \n\n \n\n \n\nCompactLogix 5380 controllers\n\n \n\n \n\n \n\n \n\nv33.011 <\n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\n * v33.015 and later for versions 33\n\n\n\n\n \n\n \n\n * v34.011 and later\n\n\n\n\n \n\n \n\n \n\n \n\n \n\n \n\n \n\nCompact GuardLogix® 5380 controllers\n\n \n\n \n\n \n\n \n\nv33.011<\n\n \n\n \n\n \n\n \n\nCompactLogix 5480 controllers\n\n \n\n \n\n \n\n \n\nv33.011<\n\n \n\n \n\n \n\n \n\nControlLogix 5580 controllers\n\n \n\n \n\n \n\n \n\nv33.011<\n\n \n\n \n\n \n\n \n\nGuardLogix 5580 controllers\n\n \n\n \n\n \n\n \n\nv33.011<\n\n \n\n \n\n \n\n \n\n1756-EN4TR\n\n \n\n \n\n \n\n \n\nv3.002\n\n \n\n \n\n \n\n \n\n * 4.001 and later\n\n\n\n\n \n\n \n\n\n\n\nMitigations and Workarounds \n\nCustomers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. \n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight", }, ], source: { advisory: "SD1706", discovery: "EXTERNAL", }, title: "Logix Controllers Vulnerable to Denial-of-Service Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "b73dd486-f505-4403-b634-40b078b177f0", assignerShortName: "Rockwell", cveId: "CVE-2024-8626", datePublished: "2024-10-08T16:35:04.513Z", dateReserved: "2024-09-09T20:33:30.575Z", dateUpdated: "2024-10-08T17:36:25.719Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3493
Vulnerability from cvelistv5
Published
2024-04-15 21:17
Modified
2024-08-12 15:16
Severity ?
EPSS score ?
Summary
A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Rockwell Automation | ControlLogix 5580 |
Version: v35.011 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T20:12:07.675Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:35.011:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "guardlogix_5580_firmware", vendor: "rockwellautomation", versions: [ { status: "affected", version: "35.011", }, ], }, { cpes: [ "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:5.001:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "compactlogix_5380_firmware", vendor: "rockwellautomation", versions: [ { status: "affected", version: "35.011", }, ], }, { cpes: [ "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:5.001:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "1756-en4tr_firmware", vendor: "rockwellautomation", versions: [ { status: "affected", version: "5.001", }, ], }, { cpes: [ "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:5.001:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "1756-en4tr_firmware", vendor: "rockwellautomation", versions: [ { status: "affected", version: "5.001", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-3493", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-12T15:09:28.736089Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-12T15:16:08.155Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ControlLogix 5580", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "v35.011", }, ], }, { defaultStatus: "unaffected", product: "GuardLogix 5580", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "v35.011", }, ], }, { defaultStatus: "unaffected", product: "CompactLogix 5380", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "v5.001", }, ], }, { defaultStatus: "unaffected", product: "1756-EN4TR", vendor: "Rockwell Automation", versions: [ { status: "affected", version: "v5.001", }, ], }, ], datePublic: "2024-04-12T01:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. </span>\n\n", }, ], value: "\nA specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. \n\n", }, ], impacts: [ { capecId: "CAPEC-137", descriptions: [ { lang: "en", value: "CAPEC-137 Parameter Injection", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-15T21:29:33.269Z", orgId: "b73dd486-f505-4403-b634-40b078b177f0", shortName: "Rockwell", }, references: [ { url: "https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<p>\n\n</p><table><tbody><tr><td><p><br>Affected Product</p><p> </p><p> </p></td><td><p> </p><p> </p><p>First Known in Firmware Revision</p><p> </p><p> </p></td><td><p> </p><p> </p><p>Corrected in Firmware Revision</p><p> </p><p> </p></td></tr><tr><td><p> </p><p> </p><p>ControlLogix® 5580</p><p> </p><p> </p></td><td><p> </p><p> </p><p>V35.011</p><p> </p><p> </p></td><td><p> </p><p> </p><p>V35.013, V36.011</p><p> </p><p> </p></td></tr><tr><td><p> </p><p> </p><p>GuardLogix 5580</p><p> </p><p> </p></td><td><p> </p><p> </p><p>V35.011</p><p> </p><p> </p></td><td><p> </p><p> </p><p>V35.013, V36.011</p><p> </p><p> </p></td></tr><tr><td><p> </p><p> </p><p>CompactLogix 5380</p><p> </p><p> </p></td><td><p> </p><p> </p><p>V35.011</p><p> </p><p> </p></td><td><p> </p><p> </p><p>V35.013, V36.011</p><p> </p><p> </p></td></tr><tr><td><p> </p><p> </p><p>1756-EN4TR</p><p> </p><p> </p></td><td><p> </p><p> </p><p>V5.001</p><p> </p><p> </p></td><td><p> </p><p> </p><p>V6.001</p><p> </p><p> </p></td></tr></tbody></table>\n\n<br><br><p></p><p>Users using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices, where possible. </p><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a> </p></li></ul>\n\n<br>", }, ], value: "\nAffected Product\n\n \n\n \n\n \n\n \n\nFirst Known in Firmware Revision\n\n \n\n \n\n \n\n \n\nCorrected in Firmware Revision\n\n \n\n \n\n \n\n \n\nControlLogix® 5580\n\n \n\n \n\n \n\n \n\nV35.011\n\n \n\n \n\n \n\n \n\nV35.013, V36.011\n\n \n\n \n\n \n\n \n\nGuardLogix 5580\n\n \n\n \n\n \n\n \n\nV35.011\n\n \n\n \n\n \n\n \n\nV35.013, V36.011\n\n \n\n \n\n \n\n \n\nCompactLogix 5380\n\n \n\n \n\n \n\n \n\nV35.011\n\n \n\n \n\n \n\n \n\nV35.013, V36.011\n\n \n\n \n\n \n\n \n\n1756-EN4TR\n\n \n\n \n\n \n\n \n\nV5.001\n\n \n\n \n\n \n\n \n\nV6.001\n\n \n\n \n\nUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices, where possible. \n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \n\n", }, ], source: { discovery: "INTERNAL", }, title: "Rockwell Automation ControlLogix and GaurdLogix Vulnerable to Major Nonrecoverable Fault Due to Invalid Header Value", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "b73dd486-f505-4403-b634-40b078b177f0", assignerShortName: "Rockwell", cveId: "CVE-2024-3493", datePublished: "2024-04-15T21:17:36.077Z", dateReserved: "2024-04-08T21:46:38.867Z", dateUpdated: "2024-08-12T15:16:08.155Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }