8.3
CVE-2024-5659
- EPSS 0.23%
- Veröffentlicht 14.06.2024 17:15:51
- Zuletzt bearbeitet 27.02.2025 15:15:08
- Quelle PSIRT@rockwellautomation.com
- Teams Watchlist Login
- Unerledigt Login
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rockwellautomation ≫ Controllogix 5580 Firmware Version34.011
Rockwellautomation ≫ Guardlogix 5580 Firmware Version34.011
Rockwellautomation ≫ 1756-en4 Firmware Version4.001
Rockwellautomation ≫ Compactlogix 5380 Firmware Version34.011
Rockwellautomation ≫ Compact Guardlogix 5380 Firmware Version34.011
Rockwellautomation ≫ Compactlogix 5480 Firmware Version34.011
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.455 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| PSIRT@rockwellautomation.com | 8.3 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-670 Always-Incorrect Control Flow Implementation
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.