PT-2024-6589 · Rockwell Automation · GuardLogix 5580 +1
Published: 2024-08-13 · Updated: 2025-01-31 · CVE-2024-40619
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Rockwell Automation ControlLogix 5580 versions (affected versions not specified)
Rockwell Automation GuardLogix 5580 versions (affected versions not specified)
Description:
A denial-of-service issue exists due to insufficient exception handling in the software of Rockwell Automation ControlLogix 5580 and GuardLogix 5580 programmable logic controllers. An attacker can trigger it by sending a malformed CIP packet over the network to the device, which results in a major nonrecoverable fault and a denial of service.
Recommendations:
For Rockwell Automation ControlLogix 5580, there is currently no information about a newer version that contains a fix for this vulnerability.
For Rockwell Automation GuardLogix 5580, there is currently no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration:
Improper Check for Exceptional Conditions
Affected Products:
ControlLogix 5580
GuardLogix 5580