CVE-2024-3493

Summary

A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationControlLogix 5580v35.011affected
Rockwell AutomationGuardLogix 5580v35.011affected
Rockwell AutomationCompactLogix 5380v5.001affected
Rockwell Automation1756-EN4TRv5.001affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References