CVE-2024-5659

Name of the Vulnerable Software and Affected Versions Rockwell Automation CompactLogix, ControlLogix, GuardLogix versions (affected versions not specified) Rockwell Automation communication module 1756-EN4 versions (affected versions not specified)

Description The issue is related to the implementation of incorrect control flow in the firmware of Rockwell Automation programmable logic controllers. This could allow a remote attacker to cause a denial of service. The vulnerability can be exploited by sending abnormal packets to the mDNS port, resulting in a major nonrecoverable fault (MNRF/Assert) that compromises the availability of the device.

Recommendations For Rockwell Automation CompactLogix, ControlLogix, GuardLogix, and communication module 1756-EN4, consider restricting access to the mDNS port to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.