Rockwell Automation Affected by Vulnerability Leading to Major Network Disruption
CVE-2024-5659

6.5MEDIUM

Key Information:

Vendor: Rockwell Automation
Status: Controllogix® 5580; Guardlogix 5580; 1756-en4; Compactlogix 5380
Vendor: CVE Published:; 14 June 2024

Summary

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.

Affected Version(s)

1756-EN4 4.001

Compact GuardLogix 5380 34.011

CompactLogix 5380 34.011

References

https://www.rockwellautomation.com/en-us/trust-center/sec...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Jun 5, 2024