Unrated severityNVD Advisory· Published Apr 15, 2024· Updated Aug 12, 2024

Rockwell Automation ControlLogix and GaurdLogix Vulnerable to Major Nonrecoverable Fault Due to Invalid Header Value

CVE-2024-3493

Description

A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.

Affected products

Rockwellautomation/ControlLogix 5580llm-create
Rockwellautomation/Guard Logix 5580llm-create
Rockwellautomation/CompactLogix 5380llm-create
Rockwellautomation/1756-EN4TRcpe-rescue
Range: v5.001
Rockwellautomation/Compactlogixcpe-rescue
Range: v5.001
Rockwellautomation/Controllogixcpe-rescue
Range: v35.011
Rockwellautomation/Guardlogixcpe-rescue
Range: v35.011

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.rockwellautomation.com/en-us/support/advisory.SD1666.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000