Rockwell Automation ControlLogix and GuardLogix Improper Input Validation (CVE-2024-3493)

A specific malformed fragmented packet type fragmented packets may be generated automatically by devices that send large amounts of data can cause a major nonrecoverable fault MNRF. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally...

CVE-2024-3493

CVE-2024-3493 affects Rockwell Automation ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, and 1756-EN4TR. The root cause is improper input validation triggering a major nonrecoverable fault (MNRF) when a specific malformed fragmented packet is processed; exploitation can render the device ...

Rockwell Automation ControlLogix 5580, Guard Logix 5580, CompactLogix 5380和1756-EN4TR 安全漏洞

Rockwell Automation ControlLogix is a controller from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR, which stems from an invalid header value resulting in the presence of a security...

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS advisories on June 29, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-180-01 Delta Electronics InfraSuite Device Master ICSA-23-180-02 Schneider Electric...

PT-2022-6079 · Rockwell Automation · Compactlogix +3

Name of the Vulnerable Software and Affected Versions: Rockwell Automation controllers affected versions not specified Rockwell Automation CompactLogix, ControlLogix, GuardLogix affected versions not specified Description: A vulnerability exists in the Rockwell Automation controllers that allows ...

Rockwell Automation CompactLogix 5370 输入验证错误漏洞

The Rockwell Automation CompactLogix 5370 is a programmable logic controller from Rockwell Automation. An input validation error vulnerability exists in Rockwell Automation CompactLogix, Compact GuardLogix, ControlLogix, and GuardLogix controllers. An attacker could exploit the vulnerability to...

Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Limitation of a Pathname to a Restricted Directory (CVE-2020-6998)

The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to ...

CVE-2020-6998

The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to ...

CVE-2020-6998

The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to ...

CVE-2020-6998 Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation

The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to ...

CVE-2020-6998

CVE-2020-6998 affects Rockwell Automation CompactLogix 5370 and ControlLogix 5570 controllers (versions 33 and earlier). The vulnerability stems from the connection establishment algorithm failing to manage control flow, creating an infinite loop when handling CIP packet requests, which may cause...

CVE-2020-6998 Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers Improper Input Validation

The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to ...

CVE-2022-1161

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to chang...

Code injection

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to chang...

CVE-2022-1161 ICSA-22-090-05 Rockwell Automation Logix Controllers

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to chang...

CVE-2022-1161

CVE-2022-1161 affects Rockwell Automation’s Logix platforms (ControlLogix, CompactLogix, GuardLogix) via Studio 5000 Logix Designer. The root cause is that Studio 5000 writes user‑readable program code to a separate location from the executed compiled code, enabling an attacker to modify one copy...

PT-2022-2353 · Rockwell Automation · Compactlogix 5480 +5

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Studio 5000 Logix Designer all versions ControlLogix 5580 affected versions not specified GuardLogix 5580 affected versions not specified CompactLogix 5380 affected versions not specified CompactLogix 5480 affected version...

PT-2022-2065 · Rockwell Automation · Flexlogix +6

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ControlLogix, CompactLogix, and GuardLogix Control systems affected versions not specified Rockwell Automation FlexLogix, DriveLogix, and SoftLogix affected versions not specified Description: The issue allows an attacker ...

Rockwell Automation Logix Controllers

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Inclusion of Functionality from Untrusted Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...

Rockwell Automation Logix Controllers 安全漏洞

Rockwell Automation Logix Controllers is a high-performance control platform from Rockwell Automation. Use this single platform to perform sequence, process, drive, or motion control in any combination. A security vulnerability exists in Rockwell Automation Logix Controllers that originates from...