CVE-2024-7515

EPSS 0.22%
Veröffentlicht 14.08.2024 20:15:13
Zuletzt bearbeitet 04.03.2025 17:11:31
Quelle PSIRT@rockwellautomation.com
CVE-Watchlists
Login
Unerledigt
Login

Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Controller Denial-of-Service Vulnerability via Input Validation

CVE-2024-7515 IMPACT

A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 12 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Compactlogix 5380 Firmware Version >= 28.011 < 34.014

Rockwellautomation ≫ Compactlogix 5380 Version-

Rockwellautomation ≫ Compactlogix 5380 Firmware Version35.011

Rockwellautomation ≫ Compactlogix 5380 Version-

Rockwellautomation ≫ Controllogix 5580 Firmware Version >= 28.011 < 34.014

Rockwellautomation ≫ Controllogix 5580 Version-

Rockwellautomation ≫ Controllogix 5580 Firmware Version35.011

Rockwellautomation ≫ Controllogix 5580 Version-

Rockwellautomation ≫ Guardlogix 5580 Firmware Version >= 31.011 < 34.014

Rockwellautomation ≫ Guardlogix 5580 Version-

Rockwellautomation ≫ Guardlogix 5580 Firmware Version35.011

Rockwellautomation ≫ Guardlogix 5580 Version-

Rockwellautomation ≫ Compact Guardlogix 5380 Sil 2 Firmware Version >= 31.011 < 34.014

Rockwellautomation ≫ Compact Guardlogix 5380 Sil 2 Version-

Rockwellautomation ≫ Compact Guardlogix 5380 Sil 2 Firmware Version35.011

Rockwellautomation ≫ Compact Guardlogix 5380 Sil 2 Version-

Rockwellautomation ≫ Compact Guardlogix 5380 Sil 3 Firmware Version >= 32.013 < 34.014

Rockwellautomation ≫ Compact Guardlogix 5380 Sil 3 Version-

Rockwellautomation ≫ Compact Guardlogix 5380 Sil 3 Firmware Version35.011

Rockwellautomation ≫ Compact Guardlogix 5380 Sil 3 Version-

Rockwellautomation ≫ Compactlogix 5480 Firmware Version >= 32.011 < 34.014

Rockwellautomation ≫ Compactlogix 5480 Version-

Rockwellautomation ≫ Compactlogix 5480 Firmware Version35.011

Rockwellautomation ≫ Compactlogix 5480 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.446

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
PSIRT@rockwellautomation.com	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201686.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7515

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7515

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7515

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-7515