8.6
CVE-2024-3493
- EPSS 0.06%
- Veröffentlicht 15.04.2024 22:15:09
- Zuletzt bearbeitet 04.03.2025 17:11:31
- Quelle PSIRT@rockwellautomation.com
- Teams Watchlist Login
- Unerledigt Login
A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rockwellautomation ≫ Controllogix 5580 Firmware Version35.011
Rockwellautomation ≫ Guardlogix 5580 Firmware Version35.011
Rockwellautomation ≫ Compactlogix 5380 Firmware Version35.011
Rockwellautomation ≫ Compact Guardlogix 5380 Firmware Version35.011
Rockwellautomation ≫ 1756-en4tr Firmware Version5.001
Rockwellautomation ≫ Controllogix 5580 Process Firmware Version35.011
Rockwellautomation ≫ Compactlogix 5380 Process Firmware Version35.011
Rockwellautomation ≫ Compactlogix 5480 Firmware Version35.011
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.193 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| PSIRT@rockwellautomation.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.