mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
178 lines
8.7 KiB
JSON
178 lines
8.7 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-6207",
|
|
"ASSIGNER": "PSIRT@rockwellautomation.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html \u00a0and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-20 Improper Input Validation",
|
|
"cweId": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Rockwell Automation",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "ControlLogix\u00ae 5580",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "V28.011"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "ControlLogix\u00ae 5580 Process",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "V33.011"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "GuardLogix 5580",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "V31.011"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "CompactLogix 5380",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "V28.011"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Compact GuardLogix 5380 SIL 2",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "V31.011"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Compact GuardLogix 5380 SIL 3",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "V32.013"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "CompactLogix 5480",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "V32.011"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "FactoryTalk\u00ae Logix Echo",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "V33.011"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1707.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1707.html"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"discovery": "INTERNAL"
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<p>AFFECTED PRODUCTS AND SOLUTION</p><table><tbody><tr><td>Affected Product<br></td><td>First Known in firmware revision</td><td>Corrected in firmware revision</td></tr><tr><td>ControlLogix\u00ae 5580</td><td>V28.011</td><td>V33.017, V34.014, V35.013, V36.011 and later</td></tr><tr><td>ControlLogix\u00ae 5580 Process</td><td>V33.011</td><td>V33.017, V34.014, V35.013, V36.011 and later</td></tr><tr><td>GuardLogix 5580</td><td>V31.011</td><td> V33.017, V34.014, V35.013, V36.011 and later</td></tr><tr><td>CompactLogix 5380</td><td>V28.011</td><td> V33.017, V34.014, V35.013, V36.011 and later</td></tr><tr><td>Compact GuardLogix 5380 SIL 2</td><td>V31.011</td><td>V33.017, V34.014, V35.013, V36.011 and later</td></tr><tr><td>Compact GuardLogix 5380 SIL 3</td><td>V32.013</td><td>V33.017, V34.014, V35.013, V36.011 and later</td></tr><tr><td>CompactLogix 5480</td><td>V32.011</td><td>V33.017, V34.014, V35.013, V36.011 and later</td></tr><tr><td>FactoryTalk\u00ae Logix Echo </td><td>V33.011</td><td>V34.014, V35.013, V36.011 and later</td></tr></tbody></table>\n\n<br>"
|
|
}
|
|
],
|
|
"value": "AFFECTED PRODUCTS AND SOLUTION\n\nAffected Product\nFirst Known in firmware revisionCorrected in firmware revisionControlLogix\u00ae 5580V28.011V33.017, V34.014, V35.013, V36.011 and laterControlLogix\u00ae 5580 ProcessV33.011V33.017, V34.014, V35.013, V36.011 and laterGuardLogix 5580V31.011\u00a0V33.017, V34.014, V35.013, V36.011 and laterCompactLogix 5380V28.011\u00a0V33.017, V34.014, V35.013, V36.011 and laterCompact GuardLogix 5380 SIL 2V31.011V33.017, V34.014, V35.013, V36.011 and laterCompact GuardLogix 5380 SIL 3V32.013V33.017, V34.014, V35.013, V36.011 and laterCompactLogix 5480V32.011V33.017, V34.014, V35.013, V36.011 and laterFactoryTalk\u00ae Logix Echo V33.011V34.014, V35.013, V36.011 and later"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |