8.7
CVE-2024-6077
- EPSS 0.07%
- Published 12.09.2024 20:15:05
- Last modified 19.09.2024 14:31:18
- Source PSIRT@rockwellautomation.com
- Teams watchlist Login
- Open Login
A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.
Data is provided by the National Vulnerability Database (NVD)
Rockwellautomation ≫ Compactlogix 5380 Firmware Version32.011
Rockwellautomation ≫ Compact Guardlogix 5380 Sil 2 Firmware Version32.013
Rockwellautomation ≫ Compact Guardlogix 5380 Sil 3 Firmware Version32.011
Rockwellautomation ≫ Compactlogix 5480 Firmware Version32.011
Rockwellautomation ≫ Controllogix 5580 Firmware Version33.011
Rockwellautomation ≫ Guardlogix 5580 Firmware Version32.011
Rockwellautomation ≫ 1756-en4 Firmware Version2.001
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.222 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| PSIRT@rockwellautomation.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.