Vulnerabilities > CVE-2024-3493 - Unspecified vulnerability in Rockwellautomation products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

rockwellautomation

NVD

Published: 2024-04-15

Updated: 2025-03-04

Summary

A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.

Vulnerable Configurations

Part	Description	Count
OS	Rockwellautomation Rockwellautomation Controllogix 5580 Firmware 35.011 Rockwellautomation Guardlogix 5580 Firmware 35.011 Rockwellautomation Compactlogix 5380 Firmware 35.011 Rockwellautomation Compact Guardlogix 5380 Firmware 35.011 Rockwellautomation 1756 En4Tr Firmware 5.001 Rockwellautomation Controllogix 5580 Process Firmware 35.011 Rockwellautomation Compactlogix 5380 Process Firmware 35.011 Rockwellautomation Compactlogix 5480 Firmware 35.011	8
Hardware	Rockwellautomation Rockwellautomation Controllogix 5580 - Rockwellautomation Guardlogix 5580 - Rockwellautomation Compactlogix 5380 - Rockwellautomation Compact Guardlogix 5380 - Rockwellautomation 1756 En4Tr - Rockwellautomation Controllogix 5580 Process - Rockwellautomation Compactlogix 5380 Process - Rockwellautomation Compactlogix 5480 -	8

Summary

Vulnerable Configurations

References