Vulnerabilities > CVE-2024-8626 - Memory Leak vulnerability in Rockwellautomation products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

rockwellautomation

CWE-401

NVD

Published: 2024-10-08

Updated: 2025-02-27

Summary

Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.

Vulnerable Configurations

Part	Description	Count
OS	Rockwellautomation Rockwellautomation Compactlogix 5380 Firmware 33.011 Rockwellautomation Compact Guardlogix 5380 Firmware 33.011 Rockwellautomation Compactlogix 5480 Firmware 33.011 Rockwellautomation Controllogix 5580 Firmware 33.011 Rockwellautomation Guardlogix 5580 Firmware 33.011 Rockwellautomation 1756 En4Tr Firmware 3.002	6
Hardware	Rockwellautomation Rockwellautomation Compactlogix 5380 - Rockwellautomation Compact Guardlogix 5380 - Rockwellautomation Compactlogix 5480 - Rockwellautomation Controllogix 5580 - Rockwellautomation Guardlogix 5580 - Rockwellautomation 1756 En4Tr -	6

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html