CVE-2024-5659
Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers
Severity Score
8.3
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.
Rockwell Automation fue informado de una vulnerabilidad que hace que todos los controladores afectados en la misma red produzcan una falla importante no recuperable (MNRF/Assert). Esta vulnerabilidad podría explotarse enviando paquetes anormales al puerto mDNS. Si se explota, la disponibilidad del dispositivo se vería comprometida.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-06-05 CVE Reserved
- 2024-06-14 CVE Published
- 2024-06-15 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-670: Always-Incorrect Control Flow Implementation
CAPEC
- CAPEC-624: Hardware Fault Injection
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwell Automation Search vendor "Rockwell Automation" | ControlLogix® 5580 Search vendor "Rockwell Automation" for product "ControlLogix® 5580" | 34.011 Search vendor "Rockwell Automation" for product "ControlLogix® 5580" and version "34.011" | en |
Affected
| ||||||
| Rockwell Automation Search vendor "Rockwell Automation" | GuardLogix 5580 Search vendor "Rockwell Automation" for product "GuardLogix 5580" | 34.011 Search vendor "Rockwell Automation" for product "GuardLogix 5580" and version "34.011" | en |
Affected
| ||||||
| Rockwell Automation Search vendor "Rockwell Automation" | 1756-EN4 Search vendor "Rockwell Automation" for product "1756-EN4" | 4.001 Search vendor "Rockwell Automation" for product "1756-EN4" and version "4.001" | en |
Affected
| ||||||
| Rockwell Automation Search vendor "Rockwell Automation" | CompactLogix 5380 Search vendor "Rockwell Automation" for product "CompactLogix 5380" | 34.011 Search vendor "Rockwell Automation" for product "CompactLogix 5380" and version "34.011" | en |
Affected
| ||||||
| Rockwell Automation Search vendor "Rockwell Automation" | Compact GuardLogix 5380 Search vendor "Rockwell Automation" for product "Compact GuardLogix 5380" | 34.011 Search vendor "Rockwell Automation" for product "Compact GuardLogix 5380" and version "34.011" | en |
Affected
| ||||||
| Rockwell Automation Search vendor "Rockwell Automation" | CompactLogix 5480 Search vendor "Rockwell Automation" for product "CompactLogix 5480" | 34.011 Search vendor "Rockwell Automation" for product "CompactLogix 5480" and version "34.011" | en |
Affected
| ||||||