CVE-2024-7515

Summary

CVE-2024-7515 IMPACT

A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationCompactLogix 5380 (5069-L3z)28.011affected
Rockwell AutomationControlLogix® 5580 (1756- L8z)28.011affected
Rockwell AutomationGuardLogix 5580 (1756- L8zS)28.011affected
Rockwell AutomationCompact GuardLogix 5380 (5069 – L3zS2)28.011affected
Rockwell AutomationCompactLogix 5480 (5069-L4)28.011affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

If PTP messages are not used, block at the network level, port UDP 319/320

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References