CVE-2024-8626
08.10.2024, 17:15
Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.Enginsight
| Vendor | Product | Version |
|---|---|---|
| rockwellautomation | compactlogix_5380_firmware | 33.011 ≤ 𝑥 < 33.015 |
| rockwellautomation | compact_guardlogix_5380_firmware | 33.011 ≤ 𝑥 < 33.015 |
| rockwellautomation | compactlogix_5480_firmware | 33.011 ≤ 𝑥 < 33.015 |
| rockwellautomation | controllogix_5580_firmware | 33.011 ≤ 𝑥 < 33.015 |
| rockwellautomation | guardlogix_5580_firmware | 33.011 ≤ 𝑥 < 33.015 |
| rockwellautomation | 1756-en4tr_firmware | 3.002 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-401 - Missing Release of Memory after Effective LifetimeThe software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.