{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-21916","assignerOrgId":"b73dd486-f505-4403-b634-40b078b177f0","state":"PUBLISHED","assignerShortName":"Rockwell","dateReserved":"2024-01-03T16:40:50.367Z","datePublished":"2024-01-31T18:28:59.715Z","dateUpdated":"2024-08-01T22:35:34.618Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"ControlLogix® 5570","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"20.011"}]},{"defaultStatus":"unaffected","product":"GuardLogix® 5570","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"20.011"}]},{"defaultStatus":"unaffected","product":"ControlLogix® 5570 redundant","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"20.054_kit1"}]}],"datePublic":"2024-01-30T14:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(255, 255, 255);\">A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix and GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the </span><a target=\"_blank\" rel=\"nofollow\">MNRF.</a>"}],"value":"\nA denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix and GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). 
The device will restart itself to recover from the MNRF."}],"impacts":[{"capecId":"CAPEC-100","descriptions":[{"lang":"en","value":"CAPEC-100 Overflow Buffers"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-119","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"b73dd486-f505-4403-b634-40b078b177f0","shortName":"Rockwell","dateUpdated":"2024-01-31T18:28:59.715Z"},"references":[{"url":"https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<ul><li>Update to corrected Firmware.&nbsp;</li></ul>\n\n<table><tbody><tr><td><p><a target=\"_blank\" rel=\"nofollow\">Affected Product</a></p></td><td><p><a target=\"_blank\" rel=\"nofollow\">First Known in Firmware</a></p></td><td><p>Corrected in Firmware</p></td></tr><tr><td><p>ControlLogix® 5570</p></td><td><p>20.011</p></td><td><p>v33.016, 34.013, 35.012, 36.011 and later</p></td></tr><tr><td><p>GuardLogix® 5570<b></b></p></td><td><p>20.011</p></td><td><p>v33.016, 34.013, 35.012, 36.011 and later</p></td></tr><tr><td><p>ControlLogix® 5570 redundant<b></b></p></td><td><p>20.054_kit1</p></td><td><p>v33.053_kit1, 34.052_kit1, 35.052_kit1, 36.051_kit1 and later</p></td></tr></tbody></table>\n\n<br>\n\n"}],"value":"\n  *  Update to corrected Firmware. 
\n\n\n\n\nAffected Product\n\nFirst Known in Firmware\n\nCorrected in Firmware\n\nControlLogix® 5570\n\n20.011\n\nv33.016, 34.013, 35.012, 36.011 and later\n\nGuardLogix® 5570\n\n20.011\n\nv33.016, 34.013, 35.012, 36.011 and later\n\nControlLogix® 5570 redundant\n\n20.054_kit1\n\nv33.053_kit1, 34.052_kit1, 35.052_kit1, 36.051_kit1 and later\n\n\n\n\n\n\n"}],"source":{"discovery":"UNKNOWN"},"title":"Rockwell Automation Denial-of-service Vulnerability in ICE1 Controller","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"affected":[{"vendor":"rockwellautomation","product":"controllogix_5570_controller_firmware","cpes":["cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"20.011","status":"affected"}]},{"vendor":"rockwellautomation","product":"guardlogix_5570_controller_firmware","cpes":["cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"20.011","status":"affected"}]},{"vendor":"rockwellautomation","product":"controllogix_5570_redundant_controller_firmware","cpes":["cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.054_kit1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"20.054_kit1","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-02-06T05:00:32.025684Z","id":"CVE-2024-21916","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-01T19:54:41.466Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T22:35:34.618Z"},"title":"CVE Program 
Container","references":[{"url":"https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html","tags":["x_transferred"]}]}]}}