CVE-2024-5659

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port.If exploited, the availability of the device would be compromised.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
RockwellCNA
---
---
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
rockwellautomationcontrollogix_5580_firmware
34.011
rockwellautomationguardlogix_5580_firmware
34.011
rockwellautomation1756-en4_firmware
4.001
rockwellautomationcompactlogix_5380_firmware
34.011
rockwellautomationcompact_guardlogix_5380_firmware
34.011
rockwellautomationcompactlogix_5480_firmware
34.011
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html