CVE-2024-7507
Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Controller Denial-of-Service Vulnerability via Input Validation
Severity Score
8.7
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
CVE-2024-7507 IMPACT
A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-08-05 CVE Reserved
- 2024-08-14 CVE Published
- 2024-08-15 CVE Updated
- 2024-08-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
- CAPEC-153: Input Data Manipulation
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201685.html |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwell Automation Search vendor "Rockwell Automation" | CompactLogix 5380 (5069 – L3z) Search vendor "Rockwell Automation" for product "CompactLogix 5380 (5069 – L3z)" | 28.011 Search vendor "Rockwell Automation" for product "CompactLogix 5380 (5069 – L3z)" and version "28.011" | en |
Affected
| ||||||
| Rockwell Automation Search vendor "Rockwell Automation" | ControlLogix® 5580 (1756 –L8z) Search vendor "Rockwell Automation" for product "ControlLogix® 5580 (1756 –L8z)" | 28.011 Search vendor "Rockwell Automation" for product "ControlLogix® 5580 (1756 –L8z)" and version "28.011" | en |
Affected
| ||||||
| Rockwell Automation Search vendor "Rockwell Automation" | GuardLogix 5580 (1756-L8z) Search vendor "Rockwell Automation" for product "GuardLogix 5580 (1756-L8z)" | 28.011 Search vendor "Rockwell Automation" for product "GuardLogix 5580 (1756-L8z)" and version "28.011" | en |
Affected
| ||||||
| Rockwell Automation Search vendor "Rockwell Automation" | Compact GuardLogix 5380 (5069- L3zS2) Search vendor "Rockwell Automation" for product "Compact GuardLogix 5380 (5069- L3zS2)" | 28.011 Search vendor "Rockwell Automation" for product "Compact GuardLogix 5380 (5069- L3zS2)" and version "28.011" | en |
Affected
| ||||||
| Rockwell Automation Search vendor "Rockwell Automation" | CompactLogix 5480 (5069-L4) Search vendor "Rockwell Automation" for product "CompactLogix 5480 (5069-L4)" | 28.011 Search vendor "Rockwell Automation" for product "CompactLogix 5480 (5069-L4)" and version "28.011" | en |
Affected
| ||||||