Published Date: June 11, 2024
Last updated: June 11, 2024
Revision Number: 1.0
CVSS Score: v3.1: 7.4/10, 4.0: 8.3/10
AFFECTED PRODUCTS AND SOLUTION
Affected Product
|
First Known in firmware revision
|
Corrected in firmware revision
|
ControlLogix® 5580
|
V34.011
|
V34.014, V35.013, V36.011 and later
|
GuardLogix 5580
|
V34.011
|
V34.014, V35.013, V36.011 and later
|
1756-EN4
|
V4.001
|
V6.001 and later
|
CompactLogix 5380
|
V34.011
|
V34.014, V35.013, V36.011 and later
|
Compact GuardLogix 5380
|
V34.011
|
V34.014, V35.013, V36.011 and later
|
CompactLogix 5480
|
V34.011
|
V34.014, V35.013, V36.011 and later
|
VULNERABILITY DETAILS
Rockwell Automation used version 3.1 and 4.0 of the CVSS scoring system to assess the following vulnerabilities.
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port If exploited, the availability of the device would be compromised.
CVE-2024-5659 IMPACT
CVSS Base Score v3.1: 7.4/10
CVSS Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVSS Base Score v4.0: 8.3/10
CVSS Vector String: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
CWE: CWE 670 – Always Incorrect Flow Implementation
Known Exploited Vulnerability (KEV) database: No
Users can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
Mitigations and Workarounds
Users using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply the risk mitigations, where possible.
· Users who do not use Automatic Policy Deployment (APD) should block mDNS port, 5353 to help prevent communication.
· Enable CIP Security. CIP Security with Rockwell Automation Products Application Technique
ADDITIONAL RESOURCES
