CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3493 – Rockwell Automation ControlLogix and GaurdLogix Vulnerable to Major Nonrecoverable Fault Due to Invalid Header Value
https://notcve.org/view.php?id=CVE-2024-3493
15 Apr 2024 — A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. Un tipo de paquete fragmentado con forma... • https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-3596 – Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service
https://notcve.org/view.php?id=CVE-2023-3596
12 Jul 2023 — Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140010 • CWE-787: Out-of-bounds Write •