CVE-2024-6089

An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rockwellautomation:5015-aenftxt_firmware:2.011:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:5015-aenftxt:-:*:*:*:*:*:*:*

History

21 Nov 2024, 09:48

Type Values Removed Values Added
References () https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html - Vendor Advisory () https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html - Vendor Advisory

10 Sep 2024, 14:05

Type Values Removed Values Added
CWE NVD-CWE-noinfo
Summary
  • (es) Existe una vulnerabilidad de validación de entrada en Rockwell Automation 5015 - AENFTXT cuando se envía un paquete PTP manipulado, lo que provoca que el adaptador secundario genere una falla importante no recuperable. Si se explota, se requiere un ciclo de energía para recuperar el producto.
CPE cpe:2.3:h:rockwellautomation:5015-aenftxt:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:5015-aenftxt_firmware:2.011:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html - () https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html - Vendor Advisory
First Time Rockwellautomation 5015-aenftxt Firmware
Rockwellautomation
Rockwellautomation 5015-aenftxt

16 Jul 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-16 17:15

Updated : 2024-11-21 09:48


NVD link : CVE-2024-6089

Mitre link : CVE-2024-6089

CVE.ORG link : CVE-2024-6089


JSON object : View

Products Affected

rockwellautomation

  • 5015-aenftxt_firmware
  • 5015-aenftxt
CWE
CWE-20

Improper Input Validation

NVD-CWE-noinfo