{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-21916", "ASSIGNER": "PSIRT@rockwellautomation.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "\nA denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix and GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "cweId": "CWE-119" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Rockwell Automation", "product": { "product_data": [ { "product_name": "ControlLogix\u00ae 5570", "version": { "version_data": [ { "version_affected": "=", "version_value": "20.011" } ] } }, { "product_name": "GuardLogix\u00ae 5570", "version": { "version_data": [ { "version_affected": "=", "version_value": "20.011" } ] } }, { "product_name": "ControlLogix\u00ae 5570 redundant", "version": { "version_data": [ { "version_affected": "=", "version_value": "20.054_kit1" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html", "refsource": "MISC", "name": "https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "source": { "discovery": "UNKNOWN" }, "solution": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\n\n

Affected Product

First Known in Firmware

Corrected in Firmware

ControlLogix\u00ae 5570

20.011

v33.016, 34.013, 35.012, 36.011 and later

GuardLogix\u00ae 5570

20.011

v33.016, 34.013, 35.012, 36.011 and later

ControlLogix\u00ae 5570 redundant

20.054_kit1

v33.053_kit1, 34.052_kit1, 35.052_kit1, 36.051_kit1 and later

\n\n
\n\n" } ], "value": "\n * Update to corrected Firmware.\u00a0\n\n\n\n\nAffected Product\n\nFirst Known in Firmware\n\nCorrected in Firmware\n\nControlLogix\u00ae 5570\n\n20.011\n\nv33.016, 34.013, 35.012, 36.011 and later\n\nGuardLogix\u00ae 5570\n\n20.011\n\nv33.016, 34.013, 35.012, 36.011 and later\n\nControlLogix\u00ae 5570 redundant\n\n20.054_kit1\n\nv33.053_kit1, 34.052_kit1, 35.052_kit1, 36.051_kit1 and later\n\n\n\n\n\n\n" } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } ] } }