CVE-2024-3493

A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html

Configurations

No configuration.

History

16 Apr 2024, 13:24

Type	Values Removed	Values Added
Summary		(es) Un tipo de paquete fragmentado con formato incorrecto específico (los dispositivos que envían grandes cantidades de datos pueden generar paquetes fragmentados automáticamente) puede causar una falla mayor no recuperable (MNRF) en ControlLogix 5580, Guard Logix 5580, CompactLogix 5380 y 1756-EN4TR de Rockwell Automation. Si se explota, el producto afectado dejará de estar disponible y requerirá un reinicio manual para recuperarlo. Además, un MNRF podría provocar una pérdida de visión y/o control de los dispositivos conectados.

15 Apr 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-15 22:15

Updated : 2024-04-16 13:24

NVD link : CVE-2024-3493

Mitre link : CVE-2024-3493

CVE.ORG link : CVE-2024-3493

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

8.6 /10