{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-5659","assignerOrgId":"b73dd486-f505-4403-b634-40b078b177f0","state":"PUBLISHED","assignerShortName":"Rockwell","dateReserved":"2024-06-05T16:47:18.275Z","datePublished":"2024-06-14T16:42:20.699Z","dateUpdated":"2024-08-01T21:18:06.865Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"ControlLogix® 5580","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"34.011"}]},{"defaultStatus":"unaffected","product":"GuardLogix 5580","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"34.011"}]},{"defaultStatus":"unaffected","product":"1756-EN4","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"4.001"}]},{"defaultStatus":"unaffected","product":"CompactLogix 5380","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"34.011"}]},{"defaultStatus":"unaffected","product":"Compact GuardLogix 5380","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"34.011"}]},{"defaultStatus":"unaffected","product":"CompactLogix 5480","vendor":"Rockwell Automation","versions":[{"status":"affected","version":"34.011"}]}],"datePublic":"2024-06-13T13:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nRockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.\n\n"}],"value":"Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised."}],"impacts":[{"capecId":"CAPEC-624","descriptions":[{"lang":"en","value":"CAPEC-624 Hardware Fault Injection"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":8.3,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-670","description":"CWE-670 Always-Incorrect Control Flow Implementation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"b73dd486-f505-4403-b634-40b078b177f0","shortName":"Rockwell","dateUpdated":"2024-06-14T16:42:20.699Z"},"references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n

Affected Product

First Known in firmware revision

Corrected in firmware revision

ControlLogix® 5580

V34.011

V34.014, V35.013, V36.011 and later

GuardLogix 5580

V34.011

V34.014, V35.013, V36.011 and later

1756-EN4

V4.001

V6.001 and later

CompactLogix 5380

V34.011

V34.014, V35.013, V36.011 and later

Compact GuardLogix  5380

V34.011

V34.014, V35.013, V36.011 and later

CompactLogix 5480

V34.011

V34.014, V35.013, V36.011 and later


\n\n

Mitigations and Workarounds

Users using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply the risk mitigations, where possible.

·       Users who do not use Automatic Policy Deployment (APD) should block mDNS port, 5353 to help prevent communication.

·       Enable CIP Security. CIP Security with Rockwell Automation Products Application Technique

·       Security Best Practices

\n\n
"}],"value":"Affected Product\n\nFirst Known in firmware revision\n\nCorrected in firmware revision\n\nControlLogix® 5580\n\nV34.011\n\nV34.014, V35.013, V36.011 and later\n\nGuardLogix 5580\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\n1756-EN4\n\nV4.001\n\nV6.001 and later\n\nCompactLogix 5380\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\nCompact GuardLogix  5380\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\nCompactLogix 5480\n\nV34.011\n\nV34.014, V35.013, V36.011 and later\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply the risk mitigations, where possible.\n\n·       Users who do not use CIP Security with Rockwell Automation Products Application Technique https://literature.rockwellautomation.com/idc/groups/literature/documents/at/secure-at001_-en-p.pdf \n\n·       Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"}],"source":{"discovery":"EXTERNAL"},"title":"Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"rockwellautomation","product":"controllogix_5580","cpes":["cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"34.011","status":"affected"}]},{"vendor":"rockwellautomation","product":"guardlogix_5580","cpes":["cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"34.011","status":"affected"}]},{"vendor":"rockwellautomation","product":"1756_en4","cpes":["cpe:2.3:a:rockwellautomation:1756_en4:0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.001","status":"affected"}]},{"vendor":"rockwellautomation","product":"compact_logix_5480","cpes":["cpe:2.3:a:rockwellautomation:compact_logix_5480:34.011:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"34.011","status":"affected"}]},{"vendor":"rockwellautomation","product":"compact_guardlogix_5480","cpes":["cpe:2.3:a:rockwellautomation:compact_guardlogix_5480:34.011:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"34.011","status":"affected"}]},{"vendor":"rockwellautomation","product":"compactlogix","cpes":["cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5480","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-15T19:57:53.882617Z","id":"CVE-2024-5659","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-15T20:23:20.243Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:18:06.865Z"},"title":"CVE Program Container","references":[{"url":"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html","tags":["x_transferred"]}]}]}}