CVE-2024-21916

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.

References

Link	Resource
https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html	Vendor Advisory
https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:controllogix_5570_controller:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:guardlogix_5570_controller:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.054_kit1:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:controllogix_5570_redundant_controller:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:55

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 8.6
References	~~() https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html - Vendor Advisory~~	() https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html - Vendor Advisory

Information

Published : 2024-01-31 19:15

Updated : 2024-11-21 08:55

NVD link : CVE-2024-21916

Mitre link : CVE-2024-21916

CVE.ORG link : CVE-2024-21916

JSON object : View

Products Affected

rockwellautomation

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2024-21916", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-01-31T19:15:08.427", "references": [{"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "\nA denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en controladores Rockwell Automation ControlLogix ang GuardLogix. Si se explota, el producto podr\u00eda experimentar un fallo importante no recuperable (MNRF). El dispositivo se reiniciar\u00e1 solo para recuperarse del MNRF."}], "lastModified": "2024-11-21T08:55:16.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06E12A7B-E32C-46DE-891B-B42586053A33"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5570_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C16C24E2-4CB6-4413-8D48-588E0246617E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D5A9D00-9B54-4A85-9E9D-652FA0BC911F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5570_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B4B273FA-0865-4505-AAF8-1676940A3EA9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.054_kit1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CA7904D-3C8B-4CED-B2AB-0CCD266B148F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5570_redundant_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "898183DD-C3AE-42EE-9891-81BFA774476A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}