CVE-2024-45825

Summary

CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.

Affected Software

VendorProductVersion RangeStatus
Rockwell Automation5015-U8IHFT1.011-1.012affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

Block communication to CIP classes 883 and 67 if it is not required

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References