Major Nonrecoverable Fault (MNRF) in Rockwell Automation's ControlLogix 5580 Could Lead to Loss of View and Control of Connected Devices
CVE-2024-3493

8.6HIGH

Key Information:

Vendor: Rockwell Automation
Status: Controllogix 5580; Guardlogix 5580; Compactlogix 5380; 1756-en4tr
Vendor: CVE Published:; 15 April 2024

Summary

The vulnerability arises from the handling of malformed fragmented packets, which are typically generated by devices transmitting large volumes of data. This issue can trigger a major nonrecoverable fault (MNRF) in several Rockwell Automation products including the ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. When the vulnerability is exploited, the affected device will become unavailable and necessitate a manual restart for recovery. Furthermore, an MNRF event can lead to a detrimental loss of visibility and control over connected devices, impacting overall operational functionality.

Affected Version(s)

1756-EN4TR v5.001

CompactLogix 5380 v5.001

ControlLogix 5580 v35.011

References

https://www.rockwellautomation.com/en-us/support/advisory...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Apr 8, 2024