8.7
CVE-2024-8626
- EPSS 0.5%
- Veröffentlicht 08.10.2024 17:15:56
- Zuletzt bearbeitet 27.02.2025 18:47:11
- Quelle PSIRT@rockwellautomation.com
- CVE-Watchlists
- Unerledigt
Logix Controllers Vulnerable to Denial-of-Service Vulnerability
Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rockwellautomation ≫ Compactlogix 5380 Firmware Version >= 33.011 < 33.015
Rockwellautomation ≫ Compact Guardlogix 5380 Firmware Version >= 33.011 < 33.015
Rockwellautomation ≫ Compactlogix 5480 Firmware Version >= 33.011 < 33.015
Rockwellautomation ≫ Controllogix 5580 Firmware Version >= 33.011 < 33.015
Rockwellautomation ≫ Guardlogix 5580 Firmware Version >= 33.011 < 33.015
Rockwellautomation ≫ 1756-en4tr Firmware Version3.002
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.385 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| PSIRT@rockwellautomation.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html