CVE-2024-8626 - Vulnerability Details

Vendors	Products
Rockwellautomation	1756-en4tr Firmware Compact Guardlogix 5380 Firmware Compactlogix 5380 Firmware Compactlogix 5480 Firmware Guardlogix 5580 Firmware

Link	Providers
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00085}`	epss `{'score': 0.00112}`

Type	Values Removed	Values Added
First Time appeared		Rockwellautomation Rockwellautomation 1756-en4tr Firmware Rockwellautomation compact Guardlogix 5380 Firmware Rockwellautomation compactlogix 5380 Firmware Rockwellautomation compactlogix 5480 Firmware Rockwellautomation guardlogix 5580 Firmware
CPEs		cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:3.002:::::::* cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:::::::: cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:::::::: cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:::::::: cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware::::::::
Vendors & Products		Rockwellautomation Rockwellautomation 1756-en4tr Firmware Rockwellautomation compact Guardlogix 5380 Firmware Rockwellautomation compactlogix 5380 Firmware Rockwellautomation compactlogix 5480 Firmware Rockwellautomation guardlogix 5580 Firmware
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.
Title		Logix Controllers Vulnerable to Denial-of-Service Vulnerability
Weaknesses		CWE-400
References		https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8626", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2024-09-09T20:33:30.575Z", "datePublished": "2024-10-08T16:35:04.513Z", "dateUpdated": "2024-10-08T17:36:25.719Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CompactLogix 5380 controllers", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v33.011 <"}]}, {"defaultStatus": "unaffected", "product": "Compact GuardLogix\u00ae 5380 controllers", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v33.011<"}]}, {"defaultStatus": "unaffected", "product": "CompactLogix 5480 controllers", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v33.011<"}]}, {"defaultStatus": "unaffected", "product": "GuardLogix 5580 controllers", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v33.011<"}]}, {"defaultStatus": "unaffected", "product": "1756-EN4TR", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v3.002"}]}], "datePublic": "2024-10-08T16:24:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. </span>"}], "value": "Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover."}], "impacts": [{"capecId": "CAPEC-124", "descriptions": [{"lang": "en", "value": "CAPEC-124 Shared Resource Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-10-08T16:35:04.513Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><tbody><tr><td><p><br>Affected Product&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>First Known in firmware Revision</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Corrected in Firmware Revision</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5380 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011 &lt;</p><p>&nbsp;</p><p>&nbsp;</p></td><td rowspan=\"5\"><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>v33.015 and later for versions 33</p></li></ul><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>v34.011 and later</p></li></ul><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Compact GuardLogix\u00ae 5380 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5480 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>ControlLogix 5580 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>GuardLogix 5580 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>1756-EN4TR</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v3.002</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>4.001 and later</p></li></ul><p>&nbsp;</p><p>&nbsp;</p></td></tr></tbody></table><br>\n\n<p>Mitigations and Workarounds </p><p>Customers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. </p><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a>&nbsp;</p></li></ul>\n\n<br>"}], "value": "Affected Product\u00a0\n\n\u00a0\n\n\u00a0\n\nFirst Known in firmware Revision\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in Firmware Revision\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5380 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011 <\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n  *  v33.015 and later for versions 33\n\n\n\n\n\u00a0\n\n\u00a0\n\n  *  v34.011 and later\n\n\n\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompact GuardLogix\u00ae 5380 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5480 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nControlLogix 5580 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nGuardLogix 5580 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n1756-EN4TR\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv3.002\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n  *  4.001 and later\n\n\n\n\n\u00a0\n\n\u00a0\n\n\n\n\nMitigations and Workarounds \n\nCustomers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. \n\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"}], "source": {"advisory": "SD1706", "discovery": "EXTERNAL"}, "title": "Logix Controllers Vulnerable to Denial-of-Service Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "rockwellautomation", "product": "compactlogix_5380_firmware", "cpes": ["cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "33.011", "status": "affected", "lessThan": "33.015", "versionType": "custom"}]}, {"vendor": "rockwellautomation", "product": "compact_guardlogix_5380_firmware", "cpes": ["cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "33.011", "status": "affected", "lessThan": "33.015", "versionType": "custom"}]}, {"vendor": "rockwellautomation", "product": "compactlogix_5480_firmware", "cpes": ["cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "33.011", "status": "affected", "lessThan": "33.015", "versionType": "custom"}]}, {"vendor": "rockwellautomation", "product": "guardlogix_5580_firmware", "cpes": ["cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "33.001", "status": "affected", "lessThan": "33.015", "versionType": "custom"}]}, {"vendor": "rockwellautomation", "product": "1756-en4tr_firmware", "cpes": ["cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:3.002:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.002", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T17:29:59.695076Z", "id": "CVE-2024-8626", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T17:36:25.719Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-8626 (string)

assignerOrgId : b73dd486-f505-4403-b634-40b078b177f0 (string)

state : PUBLISHED (string)

assignerShortName : Rockwell (string)

dateReserved : 2024-09-09T20:33:30.575Z (string)

datePublished : 2024-10-08T16:35:04.513Z (string)

dateUpdated : 2024-10-08T17:36:25.719Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : CompactLogix 5380 controllers (string)

vendor : Rockwell Automation (string)

versions : [ »

0 : { »

status : affected (string)

version : v33.011 < (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

product : Compact GuardLogix® 5380 controllers (string)

vendor : Rockwell Automation (string)

versions : [ »

0 : { »

status : affected (string)

version : v33.011< (string)

}

]

}

2 : { »

defaultStatus : unaffected (string)

product : CompactLogix 5480 controllers (string)

vendor : Rockwell Automation (string)

versions : [ »

0 : { »

status : affected (string)

version : v33.011< (string)

}

]

}

3 : { »

defaultStatus : unaffected (string)

product : GuardLogix 5580 controllers (string)

vendor : Rockwell Automation (string)

versions : [ »

0 : { »

status : affected (string)

version : v33.011< (string)

}

]

}

4 : { »

defaultStatus : unaffected (string)

product : 1756-EN4TR (string)

vendor : Rockwell Automation (string)

versions : [ »

0 : { »

status : affected (string)

version : v3.002 (string)

}

]

}

]

datePublic : 2024-10-08T16:24:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. (string)

}

]

value : Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. (string)

}

]

impacts : [ »

0 : { »

capecId : CAPEC-124 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : CAPEC-124 Shared Resource Manipulation (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV4_0 : { »

Automatable : NOT_DEFINED (string)

Recovery : NOT_DEFINED (string)

Safety : NOT_DEFINED (string)

attackComplexity : LOW (string)

attackRequirements : NONE (string)

attackVector : NETWORK (string)

baseScore : 8.7 (number)

baseSeverity : HIGH (string)

privilegesRequired : NONE (string)

providerUrgency : NOT_DEFINED (string)

subAvailabilityImpact : NONE (string)

subConfidentialityImpact : NONE (string)

subIntegrityImpact : NONE (string)

userInteraction : NONE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N (string)

version : 4.0 (string)

vulnAvailabilityImpact : NONE (string)

vulnConfidentialityImpact : HIGH (string)

vulnIntegrityImpact : NONE (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-400 (string)

description : CWE-400 Uncontrolled Resource Consumption (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : b73dd486-f505-4403-b634-40b078b177f0 (string)

shortName : Rockwell (string)

dateUpdated : 2024-10-08T16:35:04.513Z (string)

}

references : [ »

0 : { »

url : https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : <table><tbody><tr><td> Affected Product </td><td>  First Known in firmware Revision  </td><td>  Corrected in Firmware Revision  </td></tr><tr><td>  CompactLogix 5380 controllers  </td><td>  v33.011 <  </td><td rowspan="5">        <ul><li>v33.015 and later for versions 33</li></ul>  <ul><li>v34.011 and later</li></ul>     </td></tr><tr><td>  Compact GuardLogix® 5380 controllers  </td><td>  v33.011<  </td></tr><tr><td>  CompactLogix 5480 controllers  </td><td>  v33.011<  </td></tr><tr><td>  ControlLogix 5580 controllers  </td><td>  v33.011<  </td></tr><tr><td>  GuardLogix 5580 controllers  </td><td>  v33.011<  </td></tr><tr><td>  1756-EN4TR  </td><td>  v3.002  </td><td>  <ul><li>4.001 and later</li></ul>  </td></tr></tbody></table> Mitigations and Workarounds Customers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. <ul><li><a target="_blank" rel="nofollow" href="https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight">Security Best Practices</a> </li></ul> (string)

}

]

value : Affected Product First Known in firmware Revision Corrected in Firmware Revision CompactLogix 5380 controllers v33.011 < * v33.015 and later for versions 33 * v34.011 and later Compact GuardLogix® 5380 controllers v33.011< CompactLogix 5480 controllers v33.011< ControlLogix 5580 controllers v33.011< GuardLogix 5580 controllers v33.011< 1756-EN4TR v3.002 * 4.001 and later Mitigations and Workarounds Customers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight (string)

}

]

source : { »

advisory : SD1706 (string)

discovery : EXTERNAL (string)

}

title : Logix Controllers Vulnerable to Denial-of-Service Vulnerability (string)

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

adp : [ »

0 : { »

affected : [ »

0 : { »

vendor : rockwellautomation (string)

product : compactlogix_5380_firmware (string)

cpes : [ »

0 : cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 33.011 (string)

status : affected (string)

lessThan : 33.015 (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : rockwellautomation (string)

product : compact_guardlogix_5380_firmware (string)

cpes : [ »

0 : cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 33.011 (string)

status : affected (string)

lessThan : 33.015 (string)

versionType : custom (string)

}

]

}

2 : { »

vendor : rockwellautomation (string)

product : compactlogix_5480_firmware (string)

cpes : [ »

0 : cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 33.011 (string)

status : affected (string)

lessThan : 33.015 (string)

versionType : custom (string)

}

]

}

3 : { »

vendor : rockwellautomation (string)

product : guardlogix_5580_firmware (string)

cpes : [ »

0 : cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 33.001 (string)

status : affected (string)

lessThan : 33.015 (string)

versionType : custom (string)

}

]

}

4 : { »

vendor : rockwellautomation (string)

product : 1756-en4tr_firmware (string)

cpes : [ »

0 : cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:3.002:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 3.002 (string)

status : affected (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-10-08T17:29:59.695076Z (string)

id : CVE-2024-8626 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-08T17:36:25.719Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8626", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-08T17:29:59.695076Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "compactlogix_5380_firmware", "versions": [{"status": "affected", "version": "33.011", "lessThan": "33.015", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "compact_guardlogix_5380_firmware", "versions": [{"status": "affected", "version": "33.011", "lessThan": "33.015", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "compactlogix_5480_firmware", "versions": [{"status": "affected", "version": "33.011", "lessThan": "33.015", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "guardlogix_5580_firmware", "versions": [{"status": "affected", "version": "33.001", "lessThan": "33.015", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:3.002:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "1756-en4tr_firmware", "versions": [{"status": "affected", "version": "3.002"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T17:35:58.753Z"}}], "cna": {"title": "Logix Controllers Vulnerable to Denial-of-Service Vulnerability", "source": {"advisory": "SD1706", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-124", "descriptions": [{"lang": "en", "value": "CAPEC-124 Shared Resource Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "CompactLogix 5380 controllers", "versions": [{"status": "affected", "version": "v33.011 <"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "Compact GuardLogix\u00ae 5380 controllers", "versions": [{"status": "affected", "version": "v33.011<"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "CompactLogix 5480 controllers", "versions": [{"status": "affected", "version": "v33.011<"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "GuardLogix 5580 controllers", "versions": [{"status": "affected", "version": "v33.011<"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN4TR", "versions": [{"status": "affected", "version": "v3.002"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Affected Product\u00a0\n\n\u00a0\n\n\u00a0\n\nFirst Known in firmware Revision\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in Firmware Revision\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5380 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011 <\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n  *  v33.015 and later for versions 33\n\n\n\n\n\u00a0\n\n\u00a0\n\n  *  v34.011 and later\n\n\n\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompact GuardLogix\u00ae 5380 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5480 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nControlLogix 5580 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nGuardLogix 5580 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n1756-EN4TR\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv3.002\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n  *  4.001 and later\n\n\n\n\n\u00a0\n\n\u00a0\n\n\n\n\nMitigations and Workarounds \n\nCustomers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. \n\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight", "supportingMedia": [{"type": "text/html", "value": "<table><tbody><tr><td><p><br>Affected Product&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>First Known in firmware Revision</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Corrected in Firmware Revision</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5380 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011 &lt;</p><p>&nbsp;</p><p>&nbsp;</p></td><td rowspan=\"5\"><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>v33.015 and later for versions 33</p></li></ul><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>v34.011 and later</p></li></ul><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Compact GuardLogix\u00ae 5380 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5480 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>ControlLogix 5580 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>GuardLogix 5580 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>1756-EN4TR</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v3.002</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>4.001 and later</p></li></ul><p>&nbsp;</p><p>&nbsp;</p></td></tr></tbody></table><br>\n\n<p>Mitigations and Workarounds </p><p>Customers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. </p><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a>&nbsp;</p></li></ul>\n\n<br>", "base64": false}]}], "datePublic": "2024-10-08T16:24:00.000Z", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. </span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-10-08T16:35:04.513Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8626", "state": "PUBLISHED", "dateUpdated": "2024-10-08T17:36:25.719Z", "dateReserved": "2024-09-09T20:33:30.575Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2024-10-08T16:35:04.513Z", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-8626 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-10-08T17:29:59.695076Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : rockwellautomation (string)

product : compactlogix_5380_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 33.011 (string)

lessThan : 33.015 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : rockwellautomation (string)

product : compact_guardlogix_5380_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 33.011 (string)

lessThan : 33.015 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

2 : { »

cpes : [ »

0 : cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : rockwellautomation (string)

product : compactlogix_5480_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 33.011 (string)

lessThan : 33.015 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

3 : { »

cpes : [ »

0 : cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:* (string)

]

vendor : rockwellautomation (string)

product : guardlogix_5580_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 33.001 (string)

lessThan : 33.015 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

4 : { »

cpes : [ »

0 : cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:3.002:*:*:*:*:*:*:* (string)

]

vendor : rockwellautomation (string)

product : 1756-en4tr_firmware (string)

versions : [ »

0 : { »

status : affected (string)

version : 3.002 (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-08T17:35:58.753Z (string)

}

]

cna : { »

title : Logix Controllers Vulnerable to Denial-of-Service Vulnerability (string)

source : { »

advisory : SD1706 (string)

discovery : EXTERNAL (string)

}

impacts : [ »

0 : { »

capecId : CAPEC-124 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : CAPEC-124 Shared Resource Manipulation (string)

}

]

}

]

metrics : [ »

0 : { »

format : CVSS (string)

cvssV4_0 : { »

Safety : NOT_DEFINED (string)

version : 4.0 (string)

Recovery : NOT_DEFINED (string)

baseScore : 8.7 (number)

Automatable : NOT_DEFINED (string)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N (string)

providerUrgency : NOT_DEFINED (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

attackRequirements : NONE (string)

privilegesRequired : NONE (string)

subIntegrityImpact : NONE (string)

vulnIntegrityImpact : NONE (string)

subAvailabilityImpact : NONE (string)

vulnAvailabilityImpact : NONE (string)

subConfidentialityImpact : NONE (string)

vulnConfidentialityImpact : HIGH (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : Rockwell Automation (string)

product : CompactLogix 5380 controllers (string)

versions : [ »

0 : { »

status : affected (string)

version : v33.011 < (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

vendor : Rockwell Automation (string)

product : Compact GuardLogix® 5380 controllers (string)

versions : [ »

0 : { »

status : affected (string)

version : v33.011< (string)

}

]

defaultStatus : unaffected (string)

}

2 : { »

vendor : Rockwell Automation (string)

product : CompactLogix 5480 controllers (string)

versions : [ »

0 : { »

status : affected (string)

version : v33.011< (string)

}

]

defaultStatus : unaffected (string)

}

3 : { »

vendor : Rockwell Automation (string)

product : GuardLogix 5580 controllers (string)

versions : [ »

0 : { »

status : affected (string)

version : v33.011< (string)

}

]

defaultStatus : unaffected (string)

}

4 : { »

vendor : Rockwell Automation (string)

product : 1756-EN4TR (string)

versions : [ »

0 : { »

status : affected (string)

version : v3.002 (string)

}

]

defaultStatus : unaffected (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Affected Product First Known in firmware Revision Corrected in Firmware Revision CompactLogix 5380 controllers v33.011 < * v33.015 and later for versions 33 * v34.011 and later Compact GuardLogix® 5380 controllers v33.011< CompactLogix 5480 controllers v33.011< ControlLogix 5580 controllers v33.011< GuardLogix 5580 controllers v33.011< 1756-EN4TR v3.002 * 4.001 and later Mitigations and Workarounds Customers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : <table><tbody><tr><td> Affected Product </td><td>  First Known in firmware Revision  </td><td>  Corrected in Firmware Revision  </td></tr><tr><td>  CompactLogix 5380 controllers  </td><td>  v33.011 <  </td><td rowspan="5">        <ul><li>v33.015 and later for versions 33</li></ul>  <ul><li>v34.011 and later</li></ul>     </td></tr><tr><td>  Compact GuardLogix® 5380 controllers  </td><td>  v33.011<  </td></tr><tr><td>  CompactLogix 5480 controllers  </td><td>  v33.011<  </td></tr><tr><td>  ControlLogix 5580 controllers  </td><td>  v33.011<  </td></tr><tr><td>  GuardLogix 5580 controllers  </td><td>  v33.011<  </td></tr><tr><td>  1756-EN4TR  </td><td>  v3.002  </td><td>  <ul><li>4.001 and later</li></ul>  </td></tr></tbody></table> Mitigations and Workarounds Customers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. <ul><li><a target="_blank" rel="nofollow" href="https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight">Security Best Practices</a> </li></ul> (string)

base64 : false (boolean)

}

]

}

]

datePublic : 2024-10-08T16:24:00.000Z (string)

references : [ »

0 : { »

url : https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html (string)

}

]

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-400 (string)

description : CWE-400 Uncontrolled Resource Consumption (string)

}

]

}

]

providerMetadata : { »

orgId : b73dd486-f505-4403-b634-40b078b177f0 (string)

shortName : Rockwell (string)

dateUpdated : 2024-10-08T16:35:04.513Z (string)

}

cveMetadata : { »

cveId : CVE-2024-8626 (string)

state : PUBLISHED (string)

dateUpdated : 2024-10-08T17:36:25.719Z (string)

dateReserved : 2024-09-09T20:33:30.575Z (string)

assignerOrgId : b73dd486-f505-4403-b634-40b078b177f0 (string)

datePublished : 2024-10-08T16:35:04.513Z (string)

assignerShortName : Rockwell (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover."}, {"lang": "es", "value": "Debido a una fuga de memoria, existe una vulnerabilidad de denegaci\u00f3n de servicio en los productos afectados de Rockwell Automation. Un agente malintencionado podr\u00eda aprovechar esta vulnerabilidad realizando m\u00faltiples acciones en determinadas p\u00e1ginas web del producto, lo que provocar\u00eda que los productos afectados dejaran de estar disponibles por completo y fuera necesario apagar y encender para recuperarse."}], "id": "CVE-2024-8626", "lastModified": "2024-10-10T12:56:30.817", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2024-10-08T17:15:56.240", "references": [{"source": "PSIRT@rockwellautomation.com", "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. (string)

}

1 : { »

lang : es (string)

value : Debido a una fuga de memoria, existe una vulnerabilidad de denegación de servicio en los productos afectados de Rockwell Automation. Un agente malintencionado podría aprovechar esta vulnerabilidad realizando múltiples acciones en determinadas páginas web del producto, lo que provocaría que los productos afectados dejaran de estar disponibles por completo y fuera necesario apagar y encender para recuperarse. (string)

}

]

id : CVE-2024-8626 (string)

lastModified : 2024-10-10T12:56:30.817 (string)

metrics : { »

cvssMetricV40 : [ »

0 : { »

cvssData : { »

Automatable : NOT_DEFINED (string)

Recovery : NOT_DEFINED (string)

Safety : NOT_DEFINED (string)

attackComplexity : LOW (string)

attackRequirements : NONE (string)

attackVector : NETWORK (string)

availabilityRequirement : NOT_DEFINED (string)

baseScore : 8.7 (number)

baseSeverity : HIGH (string)

confidentialityRequirement : NOT_DEFINED (string)

exploitMaturity : NOT_DEFINED (string)

integrityRequirement : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubAvailabilityImpact : NOT_DEFINED (string)

modifiedSubConfidentialityImpact : NOT_DEFINED (string)

modifiedSubIntegrityImpact : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedVulnAvailabilityImpact : NOT_DEFINED (string)

modifiedVulnConfidentialityImpact : NOT_DEFINED (string)

modifiedVulnIntegrityImpact : NOT_DEFINED (string)

privilegesRequired : NONE (string)

providerUrgency : NOT_DEFINED (string)

subAvailabilityImpact : NONE (string)

subConfidentialityImpact : NONE (string)

subIntegrityImpact : NONE (string)

userInteraction : NONE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

version : 4.0 (string)

vulnAvailabilityImpact : NONE (string)

vulnConfidentialityImpact : HIGH (string)

vulnIntegrityImpact : NONE (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

}

source : PSIRT@rockwellautomation.com (string)

type : Secondary (string)

}

]

}

published : 2024-10-08T17:15:56.240 (string)

references : [ »

0 : { »

source : PSIRT@rockwellautomation.com (string)

url : https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html (string)

}

]

sourceIdentifier : PSIRT@rockwellautomation.com (string)

vulnStatus : Undergoing Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-400 (string)

}

]

source : PSIRT@rockwellautomation.com (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object