8.7
CVE-2024-6207
- EPSS 0.18%
- Published 14.10.2024 21:15:12
- Last modified 21.10.2024 13:20:45
- Source PSIRT@rockwellautomation.com
CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running.
Data is provided by the National Vulnerability Database (NVD)
Rockwellautomation ≫ Controllogix 5580 Firmware Version >= 28.011 < 33.017
Rockwellautomation ≫ Controllogix 5580 Firmware Version >= 34.011 < 34.014
Rockwellautomation ≫ Controllogix 5580 Firmware Version >= 35.011 < 35.013
Rockwellautomation ≫ Controllogix 5580 Process Firmware Version >= 33.011 < 33.017
Rockwellautomation ≫ Controllogix 5580 Process Firmware Version >= 34.011 < 34.014
Rockwellautomation ≫ Controllogix 5580 Process Firmware Version >= 35.011 < 35.013
Rockwellautomation ≫ Guardlogix 5580 Firmware Version >= 31.011 < 33.017
Rockwellautomation ≫ Guardlogix 5580 Firmware Version >= 34.011 < 34.014
Rockwellautomation ≫ Guardlogix 5580 Firmware Version >= 35.011 < 35.013
Rockwellautomation ≫ Compactlogix 5380 Firmware Version >= 28.011 < 33.017
Rockwellautomation ≫ Compactlogix 5380 Firmware Version >= 34.011 < 34.014
Rockwellautomation ≫ Compactlogix 5380 Firmware Version >= 35.011 < 35.013
Rockwellautomation ≫ Compact Guardlogix 5380 Sil 2 Firmware Version >= 31.011 < 33.017
Rockwellautomation ≫ Compact Guardlogix 5380 Sil 2 Firmware Version >= 34.011 < 34.014
Rockwellautomation ≫ Compact Guardlogix 5380 Sil 2 Firmware Version >= 35.011 < 35.013
Rockwellautomation ≫ Compact Guardlogix 5380 Sil 3 Firmware Version >= 32.013 < 33.017
Rockwellautomation ≫ Compact Guardlogix 5380 Sil 3 Firmware Version >= 34.011 < 34.014
Rockwellautomation ≫ Compact Guardlogix 5380 Sil 3 Firmware Version >= 35.011 < 35.013
Rockwellautomation ≫ Compactlogix 5480 Firmware Version >= 32.011 < 33.017
Rockwellautomation ≫ Compactlogix 5480 Firmware Version >= 34.011 < 34.014
Rockwellautomation ≫ Compactlogix 5480 Firmware Version >= 35.011 < 35.013
Rockwellautomation ≫ Factorytalk Logix Echo Firmware Version >= 33.011 < 34.014
Rockwellautomation ≫ Factorytalk Logix Echo Firmware Version >= 35.011 < 35.013
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.18% | 0.395 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
PSIRT@rockwellautomation.com | 8.7 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
PSIRT@rockwellautomation.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.