PT-2024-8139 · Rockwell Automation · Compact GuardLogix 5380 +6
Published: 2024-10-07 · Updated: 2024-10-10 · CVE-2024-8626
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Rockwell Automation products (affected versions not specified)
ControlLogix 5580 versions (no specific range provided)
GuardLogix 5580 versions (no specific range provided)
CompactLogix 5380 versions (no specific range provided)
CompactLogix 5480 versions (no specific range provided)
Compact GuardLogix 5380 versions (no specific range provided)
1756-EN4TR versions (no specific range provided)
Description:
A denial-of-service vulnerability exists in Rockwell Automation products due to a memory leak. A malicious actor can exploit it by performing multiple actions on certain web pages, causing the products to become fully unavailable and to require a power cycle to recover. The vulnerability is a case of uncontrolled resource consumption.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Resource Exhaustion
Memory Leak
Affected Products
1756-EN4TR
Compact GuardLogix 5380
CompactLogix 5380
CompactLogix 5480
ControlLogix 5580
GuardLogix 5580
Rockwell Automation