Lucene search
RockwellVULNRICHMENT:CVE-2024-6077HistorySep 12, 2024 - 7:59 p.m.
CVE-2024-6077 Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Vulnerable to DoS vulnerability via CIP
2024-09-1219:59:40
CWE-20
Rockwell
github.com
1
cve-2024-6077
rockwell automation
controllogix
guardlogix 5580
compactlogix
compact guardlogix® 5380
vulnerable
dos
cip
security object
factory reset
CVSS4
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N
AI Score
7
Confidence
Low
EPSS
0
Percentile
9.6%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.
ADP Affected
[
{
"cpes": [
"cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil3_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "rockwellautomation",
"product": "compactlogix_5480_firmware",
"versions": [
{
"status": "affected",
"version": "32 .011",
"lessThan": "33.017",
"versionType": "custom"
},
{
"status": "affected",
"version": "34.0",
"lessThan": "34.014",
"versionType": "custom"
},
{
"status": "affected",
"version": "35.0",
"lessThan": "35.013",
"versionType": "custom"
},
{
"status": "affected",
"version": "36.0",
"lessThan": "36.011",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:rockwellautomation:compactlogix_5380_process_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "rockwellautomation",
"product": "compactlogix_5380_process_firmware",
"versions": [
{
"status": "affected",
"version": "33.011",
"lessThan": "33.017",
"versionType": "custom"
},
{
"status": "affected",
"version": "34.0",
"lessThan": "34.014",
"versionType": "custom"
},
{
"status": "affected",
"version": "35.0",
"lessThan": "35.013",
"versionType": "custom"
},
{
"status": "affected",
"version": "36.0",
"lessThan": "36.011",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil2_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "rockwellautomation",
"product": "compact_guardlogix_5380_sil2_firmware",
"versions": [
{
"status": "affected",
"version": "32.013",
"lessThan": "33.017",
"versionType": "custom"
},
{
"status": "affected",
"version": "34.0",
"lessThan": "34.014",
"versionType": "custom"
},
{
"status": "affected",
"version": "35.0",
"lessThan": "35.013",
"versionType": "custom"
},
{
"status": "affected",
"version": "36.0",
"lessThan": "36.011",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:rockwellautomation:1756-en4_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "rockwellautomation",
"product": "1756-en4_firmware",
"versions": [
{
"status": "affected",
"version": "2.001",
"lessThan": "6.001",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
cve
cve
CVE-2024-6077
2024-09-12 20:15:05
ics
ics
nvd
nvd
CVE-2024-6077
2024-09-12 20:15:05
CVSS4
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N
AI Score
7
Confidence
Low
EPSS
0
Percentile
9.6%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-6077