CVE-2024-6077

Summary

A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationCompactLogix 5380v.32 .011affected
Rockwell AutomationCompactLogix 5380 Processv.33.011affected
Rockwell AutomationCompact GuardLogix 5380 SIL 2v.32.013affected
Rockwell AutomationCompact GuardLogix 5380 SIL 3v.32.011affected
Rockwell AutomationCompactLogix 5480v.32.011affected
Rockwell AutomationControlLogix® 5580v.32.011affected
Rockwell AutomationControlLogix® 5580 Processv.33.011affected
Rockwell AutomationGuardLogix 5580v.32.011affected
Rockwell Automation1756-EN4v2.001affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References