CVE-2024-7847 RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script

🗓️ 14 Oct 2024 13:47:14Reported by RockwellType

RSLogix 5 and 500 Remote Code Execution Vulnerabilit

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of RSLogix 5 and RSLogix 500 software’s VBA scripts allows a perpetrator to execute arbitrary code.	23 Sep 202400:00	–	bdu_fstec
Circl	CVE-2024-7847	14 Oct 202416:40	–	circl
CNNVD	Rockwell Automation多款产品安全漏洞	14 Oct 202400:00	–	cnnvd
CVE	CVE-2024-7847	14 Oct 202413:47	–	cve
EUVD	EUVD-2024-48698	3 Oct 202520:07	–	euvd
ICS	Rockwell Automation RSLogix 5 and RSLogix 500	19 Sep 202406:00	–	ics
NVD	CVE-2024-7847	14 Oct 202414:15	–	nvd
Positive Technologies	PT-2024-6333 · Rockwell Automation · Rslogix 5	19 Sep 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-7847 RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script	14 Oct 202413:47	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "RSLogix 500®",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RSLogix™ Micro Developer and Starter",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "RSLogix™ 5",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]

Source	Link
rockwellautomation	www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html

14 Oct 2024 13:47Current

CVSS 3.17.7

CVSS 48.8

EPSS0.00355

CWE-345