PT-2024-5057 · Rockwell Automation · Compact Guardlogix 5380+5
Published: 2024-04-15 · Updated: 2024-04-16 · CVE-2024-3493
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
ControlLogix 5580 versions not specified
GuardLogix 5580 versions not specified
CompactLogix 5380 versions not specified
CompactLogix 5480 versions not specified
Compact GuardLogix 5380 versions not specified
1756-EN4TR versions not specified
Description:
A specific malformed fragmented packet type can cause a major nonrecoverable fault (MNRF) in the affected products. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. The issue is related to insufficient input validation.
Recommendations:
As a temporary workaround, consider implementing additional input validation measures to prevent malformed packets from causing an MNRF.
Restrict access to the affected products to minimize the risk of exploitation.
Avoid using devices that send large amounts of data, which may generate fragmented packets, until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Affected Products
1756-EN4TR
Compact GuardLogix 5380
CompactLogix 5380
CompactLogix 5480
ControlLogix 5580
GuardLogix 5580