CVE-2024-7847

VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/RSS project file. If exploited, a threat actor may be able to perform a remote code execution. Connected devices may also be impacted by exploitation of this vulnerability.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rockwellautomation:rslogix_5:-:::::::*
	cpe:2.3:a:rockwellautomation:rslogix_500:-:::::::*
	cpe:2.3:a:rockwellautomation:rslogix_micro_developer:-:::::::*
	cpe:2.3:a:rockwellautomation:rslogix_micro_starter_lite:-:::::::*

History

29 Sep 2025, 17:27

Type	Values Removed	Values Added
References	~~() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html -~~	() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1701.html - Vendor Advisory
CPE		cpe:2.3:a:rockwellautomation:rslogix_500:-:::::::* cpe:2.3:a:rockwellautomation:rslogix_5:-:::::::* cpe:2.3:a:rockwellautomation:rslogix_micro_starter_lite:-:::::::* cpe:2.3:a:rockwellautomation:rslogix_micro_developer:-:::::::*
First Time		Rockwellautomation rslogix 5 Rockwellautomation Rockwellautomation rslogix 500 Rockwellautomation rslogix Micro Developer Rockwellautomation rslogix Micro Starter Lite

15 Oct 2024, 12:57

Type	Values Removed	Values Added
Summary		(es) DETALLES DE LA VULNERABILIDAD Rockwell Automation utilizó las últimas versiones del sistema de puntuación CVSS para evaluar las siguientes vulnerabilidades. Sharon Brizinov de Claroty Research - Team82 nos informó sobre las siguientes vulnerabilidades. Una característica de los productos afectados permite a los usuarios preparar un archivo de proyecto con un script VBA integrado y se puede configurar para que se ejecute una vez que se haya abierto el archivo de proyecto sin intervención del usuario. Esta característica se puede utilizar de forma abusiva para engañar a un usuario legítimo para que ejecute código malicioso al abrir un archivo de proyecto RSP/RSS infectado. Si se explota, un actor de amenazas puede realizar una ejecución remota de código. Los dispositivos conectados también pueden verse afectados por la explotación de esta vulnerabilidad.

14 Oct 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-14 14:15

Updated : 2025-09-29 17:27

NVD link : CVE-2024-7847

Mitre link : CVE-2024-7847

CVE.ORG link : CVE-2024-7847

JSON object : View

Products Affected

rockwellautomation

rslogix_5
rslogix_500
rslogix_micro_starter_lite
rslogix_micro_developer

CWE

CWE-345

Insufficient Verification of Data Authenticity

7.7 /10