CVE-2024-3493

Published Apr 15, 2024

Last updated a month ago

CVSS high 8.6

Overview

Description: A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.
Source: PSIRT@rockwellautomation.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

PSIRT@rockwellautomation.com: CWE-20
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:35.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A29D3775-CAB3-45CF-96CE-71D0672C7E37"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:35.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64CAC9B1-19E5-44BB-B814-DDA98B7290E4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "006B7683-9FDF-4748-BA28-2EA22613E092"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:35.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "305CDBFF-404A-45F5-A391-1B18F446D1B8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EDD040ED-B44C-47D0-B4D4-729C378C4F68"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:35.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9232043F-8A87-446C-8B7E-F8E400AA6F68"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "62414E65-73C7-4172-B7BF-F40A66AFBB90"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:5.001:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91162BBB-AD61-4191-B00A-FDE767268F13"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:35.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A1541AE-A429-455E-94C4-3420183CE7CF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580_process:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AFEDADD8-01DE-4AE5-A0D7-532347FA7DB2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_process_firmware:35.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF838222-B4B6-4A66-B3CE-55E643368754"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380_process:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "77BCC249-D601-4A82-9247-C0981BF990FC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:35.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61F8EA3B-C51C-4CB1-9BB3-017577DC6684"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "80F4F5BE-07DF-402A-BF98-34FBA6A11968"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References