cvelistv5 - cve-2017-6024

CVE-2017-6024 (GCVE-0-2017-6024)

Vulnerability from cvelistv5 – Published: 2017-05-06 00:00 – Updated: 2024-08-05 15:18

Summary

Severity ?

No CVSS data available.

CWE

CWE-400

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Rockwell Automation ControlLogix 5580 and CompactLogix 5380	Affected: Rockwell Automation ControlLogix 5580 and CompactLogix 5380

CNVD-2017-07081

Vulnerability from cnvd - Published: 2017-05-19

Title

Rockwell Automation远程拒绝服务漏洞

Description

Rockwell Automation是提供工业自动化、电源、控制及资讯方案的公司。 Rockwell Automation多个产品在实现上存在远程拒绝服务漏洞，攻击者可利用该漏洞造成拒绝服务。

Severity

高

Patch Name

Rockwell Automation远程拒绝服务漏洞的补丁

Patch Description

Rockwell Automation是提供工业自动化、电源、控制及资讯方案的公司。 Rockwell Automation多个产品在实现上存在远程拒绝服务漏洞，攻击者可利用该漏洞造成受影响产品拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1756-L8&crumb=112

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-6024 http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1756-L8&crumb=112 https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1041420 http://www.rockwellautomation.com/security/overview.page

Impacted products

Name
['Rockwell Automation ControlLogix 5580 29.011', 'Rockwell Automation ControlLogix 5580 controllers V28.011', 'Rockwell Automation ControlLogix 5580 controllers V28.012', 'Rockwell Automation ControlLogix 5580 controllers V28.013', 'Rockwell Automation ControlLogix 5580 controllers V29.011', 'Rockwell Automation CompactLogix 5380 controllers V28.011', 'Rockwell Automation CompactLogix 5380 controllers V29.011']

Name

['Rockwell Automation ControlLogix 5580 29.011', 'Rockwell Automation ControlLogix 5580 controllers V28.011', 'Rockwell Automation ControlLogix 5580 controllers V28.012', 'Rockwell Automation ControlLogix 5580 controllers V28.013', 'Rockwell Automation ControlLogix 5580 controllers V29.011', 'Rockwell Automation CompactLogix 5380 controllers V28.011', 'Rockwell Automation CompactLogix 5380 controllers V29.011']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98309"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6024",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6024"
    }
  },
  "description": "Rockwell Automation\u662f\u63d0\u4f9b\u5de5\u4e1a\u81ea\u52a8\u5316\u3001\u7535\u6e90\u3001\u63a7\u5236\u53ca\u8d44\u8baf\u65b9\u6848\u7684\u516c\u53f8\u3002\r\n\r\nRockwell Automation\u591a\u4e2a\u4ea7\u54c1\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Rockwell Automation",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1756-L8\u0026crumb=112",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-07081",
  "openTime": "2017-05-19",
  "patchDescription": "Rockwell Automation\u662f\u63d0\u4f9b\u5de5\u4e1a\u81ea\u52a8\u5316\u3001\u7535\u6e90\u3001\u63a7\u5236\u53ca\u8d44\u8baf\u65b9\u6848\u7684\u516c\u53f8\u3002\r\n\r\nRockwell Automation\u591a\u4e2a\u4ea7\u54c1\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u53d7\u5f71\u54cd\u4ea7\u54c1\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rockwell Automation\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Rockwell Automation ControlLogix 5580 29.011",
      "Rockwell Automation ControlLogix 5580 controllers V28.011",
      "Rockwell Automation ControlLogix 5580 controllers V28.012",
      "Rockwell Automation ControlLogix 5580 controllers V28.013",
      "Rockwell Automation ControlLogix 5580 controllers V29.011",
      "Rockwell Automation CompactLogix 5380 controllers  V28.011",
      "Rockwell Automation CompactLogix 5380 controllers  V29.011"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-6024\r\nhttp://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1756-L8\u0026crumb=112\r\nhttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/1041420\r\nhttp://www.rockwellautomation.com/security/overview.page",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-08",
  "title": "Rockwell Automation\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GHSA-V2X5-JQ6X-Q6HF

Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-06T00:29:00Z",
    "severity": "HIGH"
  },
  "details": "A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.",
  "id": "GHSA-v2x5-jq6x-q6hf",
  "modified": "2022-05-13T01:03:07Z",
  "published": "2022-05-13T01:03:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6024"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-05"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98309"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-6024

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6024

Aliases

CVE-2017-6024

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6024",
    "description": "A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.",
    "id": "GSD-2017-6024"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6024"
      ],
      "details": "A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.",
      "id": "GSD-2017-6024",
      "modified": "2023-12-13T01:21:09.564785Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-6024",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Rockwell Automation ControlLogix 5580 and CompactLogix 5380",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Rockwell Automation ControlLogix 5580 and CompactLogix 5380"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-400"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-05",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-05"
          },
          {
            "name": "98309",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98309"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:v28.011:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:v29.011:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:v29.011:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:v28.012:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:v28.011:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:v28.013:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6024"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-05",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-05"
            },
            {
              "name": "98309",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/98309"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-03-23T14:09Z",
      "publishedDate": "2017-05-06T00:29Z"
    }
  }
}

VAR-201705-3537

Vulnerability from variot - Updated: 2023-12-18 12:51

A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller. Rockwell Automation is a company that provides industrial automation, power, control and information solutions. An attacker can exploit this issue to cause denial-of-service condition. The following products are affected: Rockwell Automation ControlLogix 5580 controller versions 28.011, 28.012, 28.013, and 29.011

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3537",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "controllogix 5580",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rockwellautomation",
        "version": "v28.011"
      },
      {
        "model": "controllogix 5580",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rockwellautomation",
        "version": "v28.013"
      },
      {
        "model": "controllogix 5580",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rockwellautomation",
        "version": "v28.012"
      },
      {
        "model": "controllogix 5580",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "rockwellautomation",
        "version": "v29.011"
      },
      {
        "model": "compactlogix 5380",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "v28.011"
      },
      {
        "model": "compactlogix 5380",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "v29.011"
      },
      {
        "model": "automation controllogix",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "rockwell",
        "version": "558029.011"
      },
      {
        "model": "compactlogix 5380 controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "28.011"
      },
      {
        "model": "compactlogix 5380 controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "29.011"
      },
      {
        "model": "controllogix 5580 controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "28.011"
      },
      {
        "model": "controllogix 5580 controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "28.012"
      },
      {
        "model": "controllogix 5580 controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "28.013"
      },
      {
        "model": "controllogix 5580 controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "29.011"
      },
      {
        "model": "automation controllogix controllers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "5580v28.011"
      },
      {
        "model": "automation controllogix controllers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "5580v28.012"
      },
      {
        "model": "automation controllogix controllers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "5580v28.013"
      },
      {
        "model": "automation controllogix controllers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "5580v29.011"
      },
      {
        "model": "automation compactlogix controllers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "5380v28.011"
      },
      {
        "model": "automation compactlogix controllers",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "5380v29.011"
      },
      {
        "model": "compactlogix 5830",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "v28.011"
      },
      {
        "model": "compactlogix 5830",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwellautomation",
        "version": "v29.011"
      },
      {
        "model": "automation controllogix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "558028.013"
      },
      {
        "model": "automation controllogix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "558028.012"
      },
      {
        "model": "automation controllogix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "558028.011"
      },
      {
        "model": "automation compactlogix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "538029.011"
      },
      {
        "model": "automation compactlogix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "538028.011"
      },
      {
        "model": "automation controllogix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "558030.011"
      },
      {
        "model": "automation compactlogix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "538030.011"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "compactlogix 5830",
        "version": "v28.011"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "compactlogix 5830",
        "version": "v29.011"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "controllogix 5580",
        "version": "v28.011"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "controllogix 5580",
        "version": "v28.012"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "controllogix 5580",
        "version": "v28.013"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "controllogix 5580",
        "version": "v29.011"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d8ac2573-223b-482d-a969-c783c7262aac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07081"
      },
      {
        "db": "BID",
        "id": "98309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003938"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6024"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-588"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:v28.011:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:v29.011:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:v29.011:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:v28.012:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:v28.011:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:v28.013:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6024"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "98309"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6024",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6024",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-07081",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "d8ac2573-223b-482d-a969-c783c7262aac",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-114227",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6024",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6024",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-07081",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-588",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "d8ac2573-223b-482d-a969-c783c7262aac",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114227",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d8ac2573-223b-482d-a969-c783c7262aac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07081"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114227"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003938"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6024"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-588"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller. Rockwell Automation is a company that provides industrial automation, power, control and information solutions. \nAn attacker can exploit this issue to cause denial-of-service condition. \nThe following products are affected:\nRockwell Automation ControlLogix 5580 controller versions 28.011, 28.012, 28.013, and 29.011",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003938"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07081"
      },
      {
        "db": "BID",
        "id": "98309"
      },
      {
        "db": "IVD",
        "id": "d8ac2573-223b-482d-a969-c783c7262aac"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114227"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6024",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-05",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "98309",
        "trust": 2.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07081",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-588",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003938",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "D8AC2573-223B-482D-A969-C783C7262AAC",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-114227",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d8ac2573-223b-482d-a969-c783c7262aac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07081"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114227"
      },
      {
        "db": "BID",
        "id": "98309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003938"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6024"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-588"
      }
    ]
  },
  "id": "VAR-201705-3537",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "d8ac2573-223b-482d-a969-c783c7262aac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07081"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114227"
      }
    ],
    "trust": 1.75294116
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "d8ac2573-223b-482d-a969-c783c7262aac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07081"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:51:13.758000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ControlLogix 5580\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9",
        "trust": 0.8,
        "url": "http://ab.rockwellautomation.com/ja/programmable-controllers/controllogix/5580-controllers"
      },
      {
        "title": "CompactLogix 5380\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9",
        "trust": 0.8,
        "url": "http://ab.rockwellautomation.com/ja/programmable-controllers/compactlogix-5380-controllers"
      },
      {
        "title": "Rockwell Automation Remote Denial of Service Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/94056"
      },
      {
        "title": "Multiple Rockwell Automation Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99644"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003938"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-588"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114227"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003938"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6024"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-05"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/98309"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6024"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6024"
      },
      {
        "trust": 0.6,
        "url": "http://compatibility.rockwellautomation.com/pages/multiproductdownload.aspx?keyword=1756-l8\u0026crumb=112"
      },
      {
        "trust": 0.6,
        "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1041420"
      },
      {
        "trust": 0.6,
        "url": "http://www.rockwellautomation.com/security/overview.page"
      },
      {
        "trust": 0.3,
        "url": "http://www.rockwellautomation.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07081"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114227"
      },
      {
        "db": "BID",
        "id": "98309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003938"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6024"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-588"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "d8ac2573-223b-482d-a969-c783c7262aac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07081"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114227"
      },
      {
        "db": "BID",
        "id": "98309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003938"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6024"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-588"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-19T00:00:00",
        "db": "IVD",
        "id": "d8ac2573-223b-482d-a969-c783c7262aac"
      },
      {
        "date": "2017-05-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07081"
      },
      {
        "date": "2017-05-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114227"
      },
      {
        "date": "2017-05-04T00:00:00",
        "db": "BID",
        "id": "98309"
      },
      {
        "date": "2017-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003938"
      },
      {
        "date": "2017-05-06T00:29:00.163000",
        "db": "NVD",
        "id": "CVE-2017-6024"
      },
      {
        "date": "2017-02-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-588"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07081"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114227"
      },
      {
        "date": "2017-05-23T16:23:00",
        "db": "BID",
        "id": "98309"
      },
      {
        "date": "2017-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003938"
      },
      {
        "date": "2022-03-23T14:09:02.347000",
        "db": "NVD",
        "id": "CVE-2017-6024"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-588"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-588"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation Remote Denial of Service Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "d8ac2573-223b-482d-a969-c783c7262aac"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07081"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Resource management error",
    "sources": [
      {
        "db": "IVD",
        "id": "d8ac2573-223b-482d-a969-c783c7262aac"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-588"
      }
    ],
    "trust": 0.8
  }
}

FKIE_CVE-2017-6024

Vulnerability from fkie_nvd - Published: 2017-05-06 00:29 - Updated: 2025-04-20 01:37

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/98309	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-094-05	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98309	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-094-05	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
rockwellautomation	compactlogix_5380_firmware	v28.011
rockwellautomation	compactlogix_5380_firmware	v29.011
rockwellautomation	compactlogix_5380	-
rockwellautomation	controllogix_5580_firmware	v28.011
rockwellautomation	controllogix_5580_firmware	v28.012
rockwellautomation	controllogix_5580_firmware	v28.013
rockwellautomation	controllogix_5580_firmware	v29.011
rockwellautomation	controllogix_5580	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:v28.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEA0815-1269-4B24-B7D5-5B5BE06B8E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:v29.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "771314D1-C8A2-4A9F-A4AB-24C767BB48DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD040ED-B44C-47D0-B4D4-729C378C4F68",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:v28.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "489DD270-EBC9-4848-BE4C-4FB2D1786521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:v28.012:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAFDB5D-4B06-47D4-96D6-BF24FEEA0749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:v28.013:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F8BC8FB-B3E9-43CB-B8C6-807DCBC0204C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:v29.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D073C02-AE97-4D14-9682-84B42D0FBDA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de agotamiento de recursos en Rockwell Automation ControlLogix 5580 en los controladores V28.011, V28.012 y V28.013."
    }
  ],
  "id": "CVE-2017-6024",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-06T00:29:00.163",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98309"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-094-05"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-17-094-05

Vulnerability from csaf_cisa - Published: 2017-04-04 00:00 - Updated: 2017-05-04 00:00

Summary

Rockwell Automation ControlLogix 5580 and CompactLogix 5380

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable.

Critical infrastructure sectors

Critical Manufacturing, Food and Agriculture, Transportation Systems, and Water

Countries/areas deployed

Worldwide

Company headquarters location

Milwaukee, Wisconsin

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability. High skill level is needed to exploit.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Food and Agriculture, Transportation Systems, and Water",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Milwaukee, Wisconsin",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability. High skill level is needed to exploit.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-094-05 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-094-05.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-094-05 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-094-05"
      }
    ],
    "title": "Rockwell Automation ControlLogix 5580 and CompactLogix 5380",
    "tracking": {
      "current_release_date": "2017-05-04T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-094-05",
      "initial_release_date": "2017-04-04T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-04-04T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-094-05P Rockwell Automation ControlLogix 5580 and CompactLogix 5380"
        },
        {
          "date": "2017-05-04T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-17-094-05 Rockwell Automation ControlLogix 5580 and CompactLogix 5380 (Update A)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "28.011 | 28.012 | 28.013",
                "product": {
                  "name": "ControlLogix 5580 controllers: V28.011 V28.012 and V28.013",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "ControlLogix 5580 controllers"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "29.011",
                "product": {
                  "name": "CompactLogix 5380 controllers: V29.011",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "CompactLogix 5380 controllers"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "28.011",
                "product": {
                  "name": "CompactLogix 5380 controllers: V28.011",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "CompactLogix 5380 controllers"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "29.011",
                "product": {
                  "name": "ControlLogix 5580 controllers: V29.011",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "ControlLogix 5580 controllers"
          }
        ],
        "category": "vendor",
        "name": "Rockwell Automation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6024",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.CVE-2017-6024 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6024"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Rockwell Automation recommends updating to the latest version of ControlLogix 5580 controllers, Version 30.011 or later, which is available at the following location:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=1756-L8\u0026crumb=112"
        },
        {
          "category": "mitigation",
          "details": "Rockwell Automation recommends updating to the latest version of CompactLogix 5380 controllers, Version 30.011 or later, which is available at the following location:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=5069-L\u0026crumb=112"
        },
        {
          "category": "mitigation",
          "details": "For more information on this vulnerability and more detailed mitigation instructions, please see Rockwell Automation\u0027s advisory labeled ControlLogix 5580 and CompactLogix 5380 Programmable Automation Controller Denial of Service, Version 1.0, April 4, 2017, at the following location:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1041420"
        },
        {
          "category": "mitigation",
          "details": "As well as Rockwell Automation\u0027s security page:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://www.rockwellautomation.com/security/overview.page"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6024 (GCVE-0-2017-6024)

CNVD-2017-07081

GHSA-V2X5-JQ6X-Q6HF

GSD-2017-6024

VAR-201705-3537

FKIE_CVE-2017-6024

ICSA-17-094-05

Tags

Sightings

Nomenclature