mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 13:36:56 +00:00
291 lines
9.2 KiB
JSON
291 lines
9.2 KiB
JSON
{
|
|
"id": "CVE-2024-8626",
|
|
"sourceIdentifier": "PSIRT@rockwellautomation.com",
|
|
"published": "2024-10-08T17:15:56.240",
|
|
"lastModified": "2025-02-27T19:30:07.490",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Debido a una fuga de memoria, existe una vulnerabilidad de denegaci\u00f3n de servicio en los productos afectados de Rockwell Automation. Un agente malintencionado podr\u00eda aprovechar esta vulnerabilidad realizando m\u00faltiples acciones en determinadas p\u00e1ginas web del producto, lo que provocar\u00eda que los productos afectados dejaran de estar disponibles por completo y fuera necesario apagar y encender para recuperarse."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV40": [
|
|
{
|
|
"source": "PSIRT@rockwellautomation.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "4.0",
|
|
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
|
|
"baseScore": 8.7,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"attackRequirements": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"vulnConfidentialityImpact": "HIGH",
|
|
"vulnIntegrityImpact": "NONE",
|
|
"vulnAvailabilityImpact": "NONE",
|
|
"subConfidentialityImpact": "NONE",
|
|
"subIntegrityImpact": "NONE",
|
|
"subAvailabilityImpact": "NONE",
|
|
"exploitMaturity": "NOT_DEFINED",
|
|
"confidentialityRequirement": "NOT_DEFINED",
|
|
"integrityRequirement": "NOT_DEFINED",
|
|
"availabilityRequirement": "NOT_DEFINED",
|
|
"modifiedAttackVector": "NOT_DEFINED",
|
|
"modifiedAttackComplexity": "NOT_DEFINED",
|
|
"modifiedAttackRequirements": "NOT_DEFINED",
|
|
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
|
"modifiedUserInteraction": "NOT_DEFINED",
|
|
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
|
|
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
|
|
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
|
|
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
|
|
"modifiedSubIntegrityImpact": "NOT_DEFINED",
|
|
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
|
|
"Safety": "NOT_DEFINED",
|
|
"Automatable": "NOT_DEFINED",
|
|
"Recovery": "NOT_DEFINED",
|
|
"valueDensity": "NOT_DEFINED",
|
|
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
|
"providerUrgency": "NOT_DEFINED"
|
|
}
|
|
}
|
|
],
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "PSIRT@rockwellautomation.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-400"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-401"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "33.011",
|
|
"versionEndExcluding": "33.015",
|
|
"matchCriteriaId": "ADC47AB0-6712-473D-976D-4FE7CCFC2532"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EDD040ED-B44C-47D0-B4D4-729C378C4F68"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "33.011",
|
|
"versionEndExcluding": "33.015",
|
|
"matchCriteriaId": "9C7450A3-7B44-4CDE-B71A-91F4A695B922"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "62414E65-73C7-4172-B7BF-F40A66AFBB90"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "33.011",
|
|
"versionEndExcluding": "33.015",
|
|
"matchCriteriaId": "209FB84C-5C5D-49D4-B7EF-24BCF8448CDD"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "80F4F5BE-07DF-402A-BF98-34FBA6A11968"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "33.011",
|
|
"versionEndExcluding": "33.015",
|
|
"matchCriteriaId": "9C2411ED-FD7A-4A60-87EE-9B530050CCF1"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "33.011",
|
|
"versionEndExcluding": "33.015",
|
|
"matchCriteriaId": "D37F9CEA-510D-41EE-B999-F86AF481ACEC"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "006B7683-9FDF-4748-BA28-2EA22613E092"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:3.002:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6CF51B29-F0CF-44DC-819E-4DC700D82BA7"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html",
|
|
"source": "PSIRT@rockwellautomation.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |