CVE-2024-21916

A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:rockwellautomation:controllogix_5570_controller:-:*:*:*:*:*:*:*

cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:rockwellautomation:guardlogix_5570_controller:-:*:*:*:*:*:*:*

cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:rockwellautomation:controllogix_5570_redundant_controller:-:*:*:*:*:*:*:*

cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.054_kit1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-01-31 19:15

Updated : 2024-02-08 01:34

NVD link : CVE-2024-21916

Mitre link : CVE-2024-21916

CVE.ORG link : CVE-2024-21916

JSON object : View

Products Affected

rockwellautomation

guardlogix_5570_controller
guardlogix_5570_controller_firmware
controllogix_5570_controller_firmware
controllogix_5570_redundant_controller_firmware
controllogix_5570_redundant_controller
controllogix_5570_controller

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2024-21916", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2024-01-31T19:15:08.427", "references": [{"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html", "tags": ["Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "\nA denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en controladores Rockwell Automation ControlLogix ang GuardLogix. Si se explota, el producto podr\u00eda experimentar un fallo importante no recuperable (MNRF). El dispositivo se reiniciar\u00e1 solo para recuperarse del MNRF."}], "lastModified": "2024-02-08T01:34:49.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5570_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C16C24E2-4CB6-4413-8D48-588E0246617E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06E12A7B-E32C-46DE-891B-B42586053A33"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5570_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B4B273FA-0865-4505-AAF8-1676940A3EA9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D5A9D00-9B54-4A85-9E9D-652FA0BC911F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5570_redundant_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "898183DD-C3AE-42EE-9891-81BFA774476A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.054_kit1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CA7904D-3C8B-4CED-B2AB-0CCD266B148F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}