History: Apr 15, 2024 - 9:17 p.m.

CVE-2024-3493 Rockwell Automation ControlLogix and GuardLogix Vulnerable to Major Nonrecoverable Fault Due to Invalid Header Value

2024-04-15 21:17:36
CWE-20
Rockwell
www.cve.org
rockwell automation
vulnerable
malformed packet

CVSS3: 8.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score: 8.7
Confidence: High

EPSS: 0
Percentile: 9.0%

A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) in Rockwell Automation's ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ControlLogix 5580",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v35.011"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GuardLogix 5580",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v35.011"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CompactLogix 5380",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v5.001"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "1756-EN4TR",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v5.001"
      }
    ]
  }
]
