VYPR

Guardlogix

by Rockwellautomation

CVEs (17)

  • CVE-2012-6437CriJan 24, 2013
    risk 0.64cvss 9.8epss 0.10

    The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability,…

  • CVE-2012-6435HigJan 24, 2013
    risk 0.52cvss 7.5epss 0.42

    When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause…

  • CVE-2012-6442HigJan 24, 2013
    risk 0.51cvss 7.5epss 0.33

    When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a…

  • CVE-2012-6438HigJan 24, 2013
    risk 0.51cvss 7.5epss 0.33

    The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. Successful exploitation of this…

  • CVE-2012-6436HigJan 24, 2013
    risk 0.51cvss 7.5epss 0.33

    The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this…

  • CVE-2012-6440MedJan 24, 2013
    risk 0.32cvss 4.8epss 0.08

    The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics…

  • CVE-2012-6441Jan 24, 2013
    risk 0.04cvss epss 0.54

    An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. …

  • CVE-2012-6439Jan 24, 2013
    risk 0.02cvss epss 0.28

    When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that changes the product’s configuration and network parameters, a DoS condition can occur. This situation…

  • CVE-2024-6207Oct 14, 2024
    risk 0.00cvss epss 0.01

    CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected…

  • CVE-2024-6077Sep 12, 2024
    risk 0.00cvss epss 0.01

    A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.

  • CVE-2024-40619Aug 14, 2024
    risk 0.00cvss epss 0.01

    CVE-2024-40619 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.

  • CVE-2024-5659Jun 14, 2024
    risk 0.00cvss epss 0.00

    Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the…

  • CVE-2024-3493Apr 15, 2024
    risk 0.00cvss epss 0.01

    A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and…

  • CVE-2024-21916Jan 31, 2024
    risk 0.00cvss epss 0.01

    A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.

  • CVE-2022-3752Dec 19, 2022
    risk 0.00cvss epss 0.01

    An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes…

  • CVE-2022-3157Dec 16, 2022
    risk 0.00cvss epss 0.01

    A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).

  • CVE-2022-1161Apr 11, 2022
    risk 0.00cvss epss 0.05

    An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an…