CVE-2024-6077

A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1963.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:32.011:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:32.013:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:32.011:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_3:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:32.011:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:33.011:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:32.011:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:rockwellautomation:1756-en4_firmware:2.001:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:1756-en4:-:*:*:*:*:*:*:*

History

19 Sep 2024, 14:31

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Rockwellautomation controllogix 5580 Firmware Rockwellautomation compactlogix 5380 Firmware Rockwellautomation controllogix 5580 Rockwellautomation 1756-en4 Firmware Rockwellautomation guardlogix 5580 Rockwellautomation compact Guardlogix 5380 Sil 3 Firmware Rockwellautomation compactlogix 5480 Firmware Rockwellautomation guardlogix 5580 Firmware Rockwellautomation 1756-en4 Rockwellautomation Rockwellautomation compactlogix 5480 Rockwellautomation compact Guardlogix 5380 Sil 2 Firmware Rockwellautomation compactlogix 5380 Rockwellautomation compact Guardlogix 5380 Sil 2 Rockwellautomation compact Guardlogix 5380 Sil 3
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:32.011:::::::* cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:32.013:::::::* cpe:2.3:h:rockwellautomation:compactlogix_5480:-:::::::* cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:32.011:::::::* cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:33.011:::::::* cpe:2.3:h:rockwellautomation:controllogix_5580:-:::::::* cpe:2.3:h:rockwellautomation:1756-en4:-:::::::* cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_3:-:::::::* cpe:2.3:o:rockwellautomation:1756-en4_firmware:2.001:::::::* cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:32.011:::::::* cpe:2.3:h:rockwellautomation:compactlogix_5380:-:::::::* cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:32.011:::::::* cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_2:-:::::::* cpe:2.3:h:rockwellautomation:guardlogix_5580:-:::::::*
References	~~() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1963.html -~~	() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1963.html - Vendor Advisory

12 Sep 2024, 21:34

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-12 20:15

Updated : 2024-09-19 14:31

NVD link : CVE-2024-6077

Mitre link : CVE-2024-6077

CVE.ORG link : CVE-2024-6077

JSON object : View

Products Affected

rockwellautomation

compact_guardlogix_5380_sil_2
1756-en4
compact_guardlogix_5380_sil_3
guardlogix_5580
1756-en4_firmware
compactlogix_5480_firmware
guardlogix_5580_firmware
compact_guardlogix_5380_sil_3_firmware
compactlogix_5480
controllogix_5580
compactlogix_5380_firmware
controllogix_5580_firmware
compactlogix_5380
compact_guardlogix_5380_sil_2_firmware

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

{"id": "CVE-2024-6077", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.7, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-12T20:15:05.440", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1963.html", "tags": ["Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en los productos afectados de Rockwell Automation cuando se env\u00edan paquetes especialmente manipulados al objeto de seguridad CIP. Si se explota, el dispositivo dejar\u00e1 de estar disponible y ser\u00e1 necesario restablecer la configuraci\u00f3n de f\u00e1brica para recuperarse."}], "lastModified": "2024-09-19T14:31:18.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:32.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D389E07F-A04E-467A-8FE4-4DE8B69EF7EC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EDD040ED-B44C-47D0-B4D4-729C378C4F68"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:32.013:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCF40770-68D8-41E8-B0DC-61BEFD2DA987"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E594CDF6-0582-4D5C-B6AA-C8A2E752E29F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:32.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F2345A8-E3BD-45C2-AEE8-189C81D6C23F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B82D842C-0930-41AA-83CD-5F235771AE4B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:32.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7EB2F5A-34D4-49C6-9B58-632DFA6B69E4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80F4F5BE-07DF-402A-BF98-34FBA6A11968"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:33.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F032C078-D896-47EC-8393-10803E832C18"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:32.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAE872BB-FC1F-4B70-92AD-B1213A347C89"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "006B7683-9FDF-4748-BA28-2EA22613E092"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1756-en4_firmware:2.001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B389BA8B-56CD-4614-BC77-02FC80981FA1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1756-en4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6935642C-4CBF-4B4F-A509-561B3E39A66B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}

7.5 /10