8.3
CVE-2024-5659
- EPSS 0.23%
- Published 14.06.2024 17:15:51
- Last modified 27.02.2025 15:15:08
- Source PSIRT@rockwellautomation.com
- Teams watchlist Login
- Open Login
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.
Data is provided by the National Vulnerability Database (NVD)
Rockwellautomation ≫ Controllogix 5580 Firmware Version34.011
Rockwellautomation ≫ Guardlogix 5580 Firmware Version34.011
Rockwellautomation ≫ 1756-en4 Firmware Version4.001
Rockwellautomation ≫ Compactlogix 5380 Firmware Version34.011
Rockwellautomation ≫ Compact Guardlogix 5380 Firmware Version34.011
Rockwellautomation ≫ Compactlogix 5480 Firmware Version34.011
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.455 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| PSIRT@rockwellautomation.com | 8.3 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-670 Always-Incorrect Control Flow Implementation
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.