Search criteria
6 vulnerabilities found for guardlogix_5570_controller_firmware by rockwellautomation
FKIE_CVE-2024-21916
Vulnerability from fkie_nvd - Published: 2024-01-31 19:15 - Updated: 2024-11-21 08:55
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*",
"matchCriteriaId": "06E12A7B-E32C-46DE-891B-B42586053A33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5570_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C16C24E2-4CB6-4413-8D48-588E0246617E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5A9D00-9B54-4A85-9E9D-652FA0BC911F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5570_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B273FA-0865-4505-AAF8-1676940A3EA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.054_kit1:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA7904D-3C8B-4CED-B2AB-0CCD266B148F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5570_redundant_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898183DD-C3AE-42EE-9891-81BFA774476A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en controladores Rockwell Automation ControlLogix ang GuardLogix. Si se explota, el producto podr\u00eda experimentar un fallo importante no recuperable (MNRF). El dispositivo se reiniciar\u00e1 solo para recuperarse del MNRF."
}
],
"id": "CVE-2024-21916",
"lastModified": "2024-11-21T08:55:16.243",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-31T19:15:08.427",
"references": [
{
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html"
}
],
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9343
Vulnerability from fkie_nvd - Published: 2017-02-13 21:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/95304 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95304 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:softlogix_5800_controller_firmware:18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BD15E200-9418-46D7-8A2B-65CFC1E1449F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:softlogix_5800_controller_firmware:19.00:*:*:*:*:*:*:*",
"matchCriteriaId": "38C57303-360E-41DF-9C62-E186341AA9BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:softlogix_5800_controller_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4B38B3-B47A-4A81-BD8D-8FE6DF9C0A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:softlogix_5800_controller_firmware:21.00:*:*:*:*:*:*:*",
"matchCriteriaId": "44724BF7-2CBF-406A-BA85-40E7B16998AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:softlogix_5800_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8826E6-F7A6-454A-A26B-D6609EEB520E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:rslogix_emulate_5000_firmware:18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "5946DCCE-ADFE-45EC-B0AD-C5D46E04B51F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:rslogix_emulate_5000_firmware:19.00:*:*:*:*:*:*:*",
"matchCriteriaId": "58FE825C-973C-4F2F-8299-F617C0FEDCBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:rslogix_emulate_5000_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5C79F5-313D-4A3E-8816-2232F99A4161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:rslogix_emulate_5000_firmware:21.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1D140073-F7D3-4C0B-9327-A3E93C789096",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:rslogix_emulate_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B232C5B1-C524-47F6-8227-967CF0798810",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:16.00:*:*:*:*:*:*:*",
"matchCriteriaId": "30A47A28-989D-4B08-BCA8-909AE3483F5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:17.00:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA979C5-F4B2-4E8D-9CE6-0FFE26AAEB62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "5A9C6862-FC86-49F7-8B7B-34C604620834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:19.00:*:*:*:*:*:*:*",
"matchCriteriaId": "78423885-CAE7-421F-BA99-D48821499FC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0402AD-20ED-4592-AC33-B21D03BC5862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.010:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBAFDCF-1EA1-4A24-8414-C64874226E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.017:*:*:*:*:*:*:*",
"matchCriteriaId": "2892A68E-D268-437A-98FA-7C915C5D60E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:21.00:*:*:*:*:*:*:*",
"matchCriteriaId": "74D62A17-D6E9-4BA1-805D-E770DCF02DE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5570_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B273FA-0865-4505-AAF8-1676940A3EA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:flexlogix_l34_controller_firmware:16.00:*:*:*:*:*:*:*",
"matchCriteriaId": "01FBAB51-D2C5-4B1B-9B3A-AD906E2DE3A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:flexlogix_l34_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD9612C-B26E-4422-BB8A-199FD1EABA64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_l55_controller_firmware:16.00:*:*:*:*:*:*:*",
"matchCriteriaId": "6C34B6BD-E714-4C86-AF2C-4CC6923F5B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_l55_controller_firmware:16.020:*:*:*:*:*:*:*",
"matchCriteriaId": "515268CD-2009-45FF-8DAB-FFE3CF118A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_l55_controller_firmware:16.022:*:*:*:*:*:*:*",
"matchCriteriaId": "D4A6C9A1-1B7A-4EE9-AF5B-CF4C709D513F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:controllogix_l55_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21A399A8-0F0D-400D-8D16-9CA51CFDCA34",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "30F1978E-480C-492A-A12E-FDF83DAA7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.050:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7B6B54-B3C9-4578-AC2F-FE5FEE22A9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.055:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B99AA2-4B13-4E2B-91EA-3F121A2C15E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:21.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA7DE26-233F-48D3-A74D-921B6F1B1230",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5570_redundant_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898183DD-C3AE-42EE-9891-81BFA774476A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "00DA5E83-FDE2-46B5-9E8E-BF0A1E66D002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:19.00:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F590CF-95C3-42A8-8E19-661B1FD3BC45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.010:*:*:*:*:*:*:*",
"matchCriteriaId": "A702B034-E805-4E4D-90EC-23874FC00BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.013:*:*:*:*:*:*:*",
"matchCriteriaId": "E3861BFC-B7D2-4190-B295-FE655FF74B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:21.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF5D5F4-C420-4280-8B5A-07B45B4EBE1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5570_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C16C24E2-4CB6-4413-8D48-588E0246617E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:16.00:*:*:*:*:*:*:*",
"matchCriteriaId": "A4286F10-70FB-4F7A-8F6E-32B1022BF7A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:19.00:*:*:*:*:*:*:*",
"matchCriteriaId": "6644B164-2A73-40F8-ABE5-84776EC1A030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "71C8B99B-30B6-49E9-905B-55582D337A0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:20.050:*:*:*:*:*:*:*",
"matchCriteriaId": "51EB913A-6105-4535-9E51-8AB430366D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:20.055:*:*:*:*:*:*:*",
"matchCriteriaId": "53357D3A-7A1A-4E95-8B6B-D800095EA110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5560_redundant_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D450A2D-C1CB-4A35-BFCE-542F4947182B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:16.00:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9F0728-400C-4094-A5D7-A9D313EDFDAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:16.020:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB1F5E7-80A5-4C1F-9C7C-717D86F3FD1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:16.022:*:*:*:*:*:*:*",
"matchCriteriaId": "B505D75B-78E7-4712-963F-C712731F7427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:17.00:*:*:*:*:*:*:*",
"matchCriteriaId": "461EFE7F-7BFE-42E6-A41D-C66903B5A36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "664D455C-F227-4996-A333-A8AAF877B739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:19.00:*:*:*:*:*:*:*",
"matchCriteriaId": "FF50A215-F526-49F5-94CC-27902ECE9723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC61753-C6F5-470C-B3B0-31D628F6483E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:20.010:*:*:*:*:*:*:*",
"matchCriteriaId": "10F3A5FF-9474-4318-9BBD-321AD9B9BF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:20.013:*:*:*:*:*:*:*",
"matchCriteriaId": "17073213-1F27-4FE5-8DAF-946664A17346",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5560_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC83AAAE-2F45-4740-9797-1CB3321ECB01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:16.00:*:*:*:*:*:*:*",
"matchCriteriaId": "ED16846D-55A5-40D1-836E-ABF1CA9D95A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:16.020:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC6F1D8-8867-4BF2-823C-B20E41C8F17A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:16.023:*:*:*:*:*:*:*",
"matchCriteriaId": "162EBAC2-2D5C-4464-8272-BA6AD23DD2AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:17.00:*:*:*:*:*:*:*",
"matchCriteriaId": "20145EE0-9229-4660-AA08-B0F165A4DF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "A6ADFC17-7ADE-4A5F-98C4-53736E548962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:19.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0E89B03D-3F84-476B-8385-93E2E8BE0FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "4F569C2B-510C-4811-9FB7-C2806C21FAEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:20.010:*:*:*:*:*:*:*",
"matchCriteriaId": "8C611ED6-6BAC-48D3-821F-1AAF0A095506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:20.013:*:*:*:*:*:*:*",
"matchCriteriaId": "5E831CAA-3059-4230-8EEC-97D1F7E4D781",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:1769_compactlogix_l3x_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3D7B25-F802-4D94-8986-2AEBDB35FB97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:16.00:*:*:*:*:*:*:*",
"matchCriteriaId": "ED08235F-2897-4307-BA34-5031719EEE87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:17.00:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E3A206-FCEB-4296-A5BA-15207F457B5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "872D3223-3BE9-4BC3-8E9A-0F52C4C719DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:19.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0F265304-853E-4FF1-8395-164A0576C1E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA25A83-9FE3-41BD-88F0-5C09AEE5E0F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:20.010:*:*:*:*:*:*:*",
"matchCriteriaId": "8C067A35-A5E9-4EE9-BA07-2123DFE9D56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:20.013:*:*:*:*:*:*:*",
"matchCriteriaId": "F917811B-6A16-4674-A4B2-CCF2F086903F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:1769_compactlogix_l23x_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "156CF47F-E3BC-483B-A5BE-40DAC4FBCCBE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l3_controller_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A864B2-C846-4D24-AA57-C7FAB0777B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l3_controller_firmware:20.010:*:*:*:*:*:*:*",
"matchCriteriaId": "68A75275-595D-466F-A6FA-82DB71714CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l3_controller_firmware:20.013:*:*:*:*:*:*:*",
"matchCriteriaId": "64BFD245-6747-4E49-A56E-67A0145E1661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l3_controller_firmware:21.00:*:*:*:*:*:*:*",
"matchCriteriaId": "925424D2-3595-4ECA-974F-3EA2FFCDE003",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:1769_compactlogix_5370_l3_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67A5E47C-FC53-463B-B532-9E205B9E3393",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l2_controller_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "8043F689-261E-4A94-8EDE-63050A635186",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l2_controller_firmware:20.010:*:*:*:*:*:*:*",
"matchCriteriaId": "375B8B2A-A0CF-4822-B641-D6830F82EC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l2_controller_firmware:20.013:*:*:*:*:*:*:*",
"matchCriteriaId": "AD700041-A10D-4D77-9450-AD370F109979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l2_controller_firmware:21.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C2AB490D-A6A1-4B9D-A573-140004696421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:1769_compactlogix_5370_l2_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "891A3459-3DB3-4C3A-945A-898092DBCF2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l1_controller_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "8DAE1905-F4DA-4A72-982F-1FF82EAE3F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l1_controller_firmware:20.010:*:*:*:*:*:*:*",
"matchCriteriaId": "CA84CD2A-1039-473F-BAA8-7A187ED3D5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l1_controller_firmware:20.013:*:*:*:*:*:*:*",
"matchCriteriaId": "512FC535-3DE7-4AF2-BAF9-F005EAA04055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l1_controller_firmware:21.00:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD496C3-ED7D-4FA7-A037-0ADCD40F7149",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:1769_compactlogix_5370_l1_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B315C5B-6161-42AF-BFA0-846544E84787",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:16.00:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB40051-9B2F-4DC1-B0B1-583806BD04A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:16.020:*:*:*:*:*:*:*",
"matchCriteriaId": "23CB7ECE-A664-4B5A-B92B-22F0A5575879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:16.025:*:*:*:*:*:*:*",
"matchCriteriaId": "AF33630D-E9F6-4FB9-A6DC-BF85486063B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:17.00:*:*:*:*:*:*:*",
"matchCriteriaId": "E09B3755-1F61-4516-8BB1-C300E77C1C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2873C1E4-735D-4F6E-BE24-CA37D74A78D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:19.00:*:*:*:*:*:*:*",
"matchCriteriaId": "DD836ECC-41B7-4BB9-86EE-FEF4C7AB50A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8E44AA-4DC8-4D89-A2C4-D3F53B639392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:20.011:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC38504-BEF0-48EC-8135-F5E922B09FFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:20.016:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD852A4-C347-4350-B6B6-D4BD50ECC673",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:1768_compactlogix_l4x_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D9A11-26E1-44EE-814F-F361E5E3BA9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "3FBA3395-2D59-46E5-B145-09B3CCD17E59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:19.00:*:*:*:*:*:*:*",
"matchCriteriaId": "E157C9EC-4715-48AE-B770-3906BCE42795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:20.00:*:*:*:*:*:*:*",
"matchCriteriaId": "D9890588-8D37-4B5B-8D29-E639B27B164C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:20.011:*:*:*:*:*:*:*",
"matchCriteriaId": "15685EC8-BDF5-4BDC-888A-E85E8CCA7DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:20.013:*:*:*:*:*:*:*",
"matchCriteriaId": "F0ED0CC0-BF83-493F-A675-5F1D42D1F818",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:1768_compact_guardlogix_l4xs_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "255EBEF7-AA35-42EC-A11F-1F36B9081996",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service."
},
{
"lang": "es",
"value": "Ha sido descubierto un problema en Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 a 21.00 (excluyendo todas las versiones de firmware anteriores a FRN 16.00, que no se ven afectadas). Al enviar un paquete de protocolo industrial com\u00fan (CIP) malformado, un atacante puede realizar un desbordamiento de b\u00fafer basado en pila y ejecutar c\u00f3digo en el controlador o iniciar un fallo irrecuperable que da como resultado una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2016-9343",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-13T21:59:01.707",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95304"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-21916 (GCVE-0-2024-21916)
Vulnerability from cvelistv5 – Published: 2024-01-31 18:28 – Updated: 2024-08-01 22:35
VLAI?
Summary
A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.
Severity ?
8.6 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Rockwell Automation | ControlLogix® 5570 |
Affected:
20.011
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "controllogix_5570_controller_firmware",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "20.011"
}
]
},
{
"cpes": [
"cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "guardlogix_5570_controller_firmware",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "20.011"
}
]
},
{
"cpes": [
"cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.054_kit1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "controllogix_5570_redundant_controller_firmware",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "20.054_kit1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T05:00:32.025684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T19:54:41.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ControlLogix\u00ae 5570",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "20.011"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GuardLogix\u00ae 5570",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "20.011"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ControlLogix\u00ae 5570 redundant",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "20.054_kit1"
}
]
}
],
"datePublic": "2024-01-30T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eMNRF.\u003c/a\u003e"
}
],
"value": "\nA denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T18:28:59.715Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eUpdate to corrected Firmware.\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eAffected Product\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eFirst Known in Firmware\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in Firmware\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eControlLogix\u00ae 5570\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e20.011\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev33.016, 34.013, 35.012, 36.011 and later\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eGuardLogix\u00ae 5570\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e20.011\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev33.016, 34.013, 35.012, 36.011 and later\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eControlLogix\u00ae 5570 redundant\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e20.054_kit1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev33.053_kit1, 34.052_kit1, 35.052_kit1, 36.051_kit1 and late\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n * Update to corrected Firmware.\u00a0\n\n\n\n\nAffected Product\n\nFirst Known in Firmware\n\nCorrected in Firmware\n\nControlLogix\u00ae 5570\n\n20.011\n\nv33.016, 34.013, 35.012, 36.011 and later\n\nGuardLogix\u00ae 5570\n\n20.011\n\nv33.016, 34.013, 35.012, 36.011 and later\n\nControlLogix\u00ae 5570 redundant\n\n20.054_kit1\n\nv33.053_kit1, 34.052_kit1, 35.052_kit1, 36.051_kit1 and late\n\n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Denial-of-service Vulnerability in ICE1 Controller",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-21916",
"datePublished": "2024-01-31T18:28:59.715Z",
"dateReserved": "2024-01-03T16:40:50.367Z",
"dateUpdated": "2024-08-01T22:35:34.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9343 (GCVE-0-2016-9343)
Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50
VLAI?
Summary
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
Severity ?
No CVSS data available.
CWE
- Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 |
Affected:
Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
},
{
"name": "95304",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
},
{
"name": "95304",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95304"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00",
"version": {
"version_data": [
{
"version_value": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
},
{
"name": "95304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95304"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-9343",
"datePublished": "2017-02-13T21:00:00",
"dateReserved": "2016-11-16T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21916 (GCVE-0-2024-21916)
Vulnerability from nvd – Published: 2024-01-31 18:28 – Updated: 2024-08-01 22:35
VLAI?
Summary
A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.
Severity ?
8.6 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Rockwell Automation | ControlLogix® 5570 |
Affected:
20.011
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "controllogix_5570_controller_firmware",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "20.011"
}
]
},
{
"cpes": [
"cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "guardlogix_5570_controller_firmware",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "20.011"
}
]
},
{
"cpes": [
"cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.054_kit1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "controllogix_5570_redundant_controller_firmware",
"vendor": "rockwellautomation",
"versions": [
{
"status": "affected",
"version": "20.054_kit1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T05:00:32.025684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T19:54:41.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ControlLogix\u00ae 5570",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "20.011"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GuardLogix\u00ae 5570",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "20.011"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ControlLogix\u00ae 5570 redundant",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "20.054_kit1"
}
]
}
],
"datePublic": "2024-01-30T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eMNRF.\u003c/a\u003e"
}
],
"value": "\nA denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T18:28:59.715Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eUpdate to corrected Firmware.\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eAffected Product\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eFirst Known in Firmware\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eCorrected in Firmware\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eControlLogix\u00ae 5570\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e20.011\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev33.016, 34.013, 35.012, 36.011 and later\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eGuardLogix\u00ae 5570\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e20.011\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev33.016, 34.013, 35.012, 36.011 and later\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eControlLogix\u00ae 5570 redundant\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e20.054_kit1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003ev33.053_kit1, 34.052_kit1, 35.052_kit1, 36.051_kit1 and late\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n * Update to corrected Firmware.\u00a0\n\n\n\n\nAffected Product\n\nFirst Known in Firmware\n\nCorrected in Firmware\n\nControlLogix\u00ae 5570\n\n20.011\n\nv33.016, 34.013, 35.012, 36.011 and later\n\nGuardLogix\u00ae 5570\n\n20.011\n\nv33.016, 34.013, 35.012, 36.011 and later\n\nControlLogix\u00ae 5570 redundant\n\n20.054_kit1\n\nv33.053_kit1, 34.052_kit1, 35.052_kit1, 36.051_kit1 and late\n\n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Denial-of-service Vulnerability in ICE1 Controller",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-21916",
"datePublished": "2024-01-31T18:28:59.715Z",
"dateReserved": "2024-01-03T16:40:50.367Z",
"dateUpdated": "2024-08-01T22:35:34.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9343 (GCVE-0-2016-9343)
Vulnerability from nvd – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50
VLAI?
Summary
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
Severity ?
No CVSS data available.
CWE
- Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 |
Affected:
Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
},
{
"name": "95304",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
},
{
"name": "95304",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95304"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00",
"version": {
"version_data": [
{
"version_value": "Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05"
},
{
"name": "95304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95304"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-9343",
"datePublished": "2017-02-13T21:00:00",
"dateReserved": "2016-11-16T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}