CVE-2024-6077

A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:32.011:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:32.013:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:32.011:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_3:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:32.011:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:33.011:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:32.011:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:rockwellautomation:1756-en4_firmware:2.001:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1756-en4:-:*:*:*:*:*:*:*

History

19 Sep 2024, 14:31

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Rockwellautomation controllogix 5580 Firmware
Rockwellautomation compactlogix 5380 Firmware
Rockwellautomation controllogix 5580
Rockwellautomation 1756-en4 Firmware
Rockwellautomation guardlogix 5580
Rockwellautomation compact Guardlogix 5380 Sil 3 Firmware
Rockwellautomation compactlogix 5480 Firmware
Rockwellautomation guardlogix 5580 Firmware
Rockwellautomation 1756-en4
Rockwellautomation
Rockwellautomation compactlogix 5480
Rockwellautomation compact Guardlogix 5380 Sil 2 Firmware
Rockwellautomation compactlogix 5380
Rockwellautomation compact Guardlogix 5380 Sil 2
Rockwellautomation compact Guardlogix 5380 Sil 3
CWE NVD-CWE-noinfo
CPE cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:32.011:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:32.013:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:32.011:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:33.011:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1756-en4:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_3:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1756-en4_firmware:2.001:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:32.011:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:32.011:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_2:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*
References () https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1963.html - () https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1963.html - Vendor Advisory

12 Sep 2024, 21:34

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-12 20:15

Updated : 2024-09-19 14:31


NVD link : CVE-2024-6077

Mitre link : CVE-2024-6077

CVE.ORG link : CVE-2024-6077


JSON object : View

Products Affected

rockwellautomation

  • compact_guardlogix_5380_sil_2
  • 1756-en4
  • compact_guardlogix_5380_sil_3
  • guardlogix_5580
  • 1756-en4_firmware
  • compactlogix_5480_firmware
  • guardlogix_5580_firmware
  • compact_guardlogix_5380_sil_3_firmware
  • compactlogix_5480
  • controllogix_5580
  • compactlogix_5380_firmware
  • controllogix_5580_firmware
  • compactlogix_5380
  • compact_guardlogix_5380_sil_2_firmware
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation