CVE-2024-5659

Summary

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationControlLogix® 558034.011affected
Rockwell AutomationGuardLogix 558034.011affected
Rockwell Automation1756-EN44.001affected
Rockwell AutomationCompactLogix 538034.011affected
Rockwell AutomationCompact GuardLogix 538034.011affected
Rockwell AutomationCompactLogix 548034.011affected

Weaknesses

  • CWE-670: CWE-670 Always-Incorrect Control Flow Implementation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References