CVE-2024-5659 - OpenCVE

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.

CVSS

No CVSS.

Vendors & Products
CPE Configurations

No data.

References

Link	Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Rockwell

Published: 2024-06-14T16:42:20.699Z

Updated: 2024-06-15T20:23:20.243Z

Reserved: 2024-06-05T16:47:18.275Z

Link: CVE-2024-5659

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-06-14T17:15:51.600

Modified: 2024-06-17T12:42:04.623

Link: CVE-2024-5659

JSON object: View

Redhat Information

No data.

CWE

CWE-670

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5659", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2024-06-05T16:47:18.275Z", "datePublished": "2024-06-14T16:42:20.699Z", "dateUpdated": "2024-06-15T20:23:20.243Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ControlLogix\u00ae 5580", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "34.011"}]}, {"defaultStatus": "unaffected", "product": "GuardLogix 5580", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "34.011"}]}, {"defaultStatus": "unaffected", "product": "1756-EN4", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "4.001"}]}, {"defaultStatus": "unaffected", "product": "CompactLogix 5380", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "34.011"}]}, {"defaultStatus": "unaffected", "product": "Compact GuardLogix 5380", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "34.011"}]}, {"defaultStatus": "unaffected", "product": "CompactLogix 5480", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "34.011"}]}], "datePublic": "2024-06-13T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nRockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending <a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">abnormal packets to the </a><a target=\"_blank\" rel=\"nofollow\">mDNS port. </a>If exploited, the availability of the device would be compromised.\n\n"}], "value": "Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port.\u00a0If exploited, the availability of the device would be compromised."}], "impacts": [{"capecId": "CAPEC-624", "descriptions": [{"lang": "en", "value": "CAPEC-624 Hardware Fault Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.3, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-670", "description": "CWE-670 Always-Incorrect Control Flow Implementation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-06-14T16:42:20.699Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<table><tbody><tr><td>Affected Product</td><td>First Known in firmware revision</td><td>Corrected in firmware revision</td></tr><tr><td>ControlLogix\u00ae 5580</td><td>V34.011</td><td>V34.014, V35.013, V36.011 and later</td></tr><tr><td>GuardLogix 5580</td><td>V34.011</td><td>V34.014, V35.013, V36.011 and later </td></tr><tr><td>1756-EN4</td><td>V4.001</td><td>V6.001 and later</td></tr><tr><td>CompactLogix 5380</td><td>V34.011</td><td>V34.014, V35.013, V36.011 and later </td></tr><tr><td><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">Compact GuardLogix </a> 5380</td><td>V34.011</td><td>V34.014, V35.013, V36.011 and later </td></tr><tr><td>CompactLogix 5480</td><td>V34.011</td><td>V34.014, V35.013, V36.011 and later</td></tr></tbody></table> \n\nMitigations and WorkaroundsUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply the risk mitigations, where possible.\u00b7       Users who do not use <a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">Automatic Policy Deployment (APD)</a> should block <a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">mDNS port, 5353</a> to help prevent communication.\u00b7       Enable CIP <a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">Security. </a><a target=\"_blank\" rel=\"nofollow\" href=\"https://literature.rockwellautomation.com/idc/groups/literature/documents/at/secure-at001_-en-p.pdf\">CIP Security with Rockwell Automation Products Application Technique</a>\u00b7       <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a>\n\n "}], "value": "Affected Product\n\nFirst Known in firmware revision\n\nCorrected in firmware revision\n\nControlLogix\u00ae 5580\n\nV34.011\n\nV34.014, V35.013, V36.011 and later\n\nGuardLogix 5580\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\n1756-EN4\n\nV4.001\n\nV6.001 and later\n\nCompactLogix 5380\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\nCompact GuardLogix \u00a05380\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\nCompactLogix 5480\n\nV34.011\n\nV34.014, V35.013, V36.011 and later\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply the risk mitigations, where possible.\n\n\u00b7 \u00a0 \u00a0 \u00a0 Users who do not use CIP Security with Rockwell Automation Products Application Technique https://literature.rockwellautomation.com/idc/groups/literature/documents/at/secure-at001_-en-p.pdf \n\n\u00b7 \u00a0 \u00a0 \u00a0 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"}], "source": {"discovery": "EXTERNAL"}, "title": "Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "rockwellautomation", "product": "controllogix_5580", "cpes": ["cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "34.011", "status": "affected"}]}, {"vendor": "rockwellautomation", "product": "guardlogix_5580", "cpes": ["cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "34.011", "status": "affected"}]}, {"vendor": "rockwellautomation", "product": "1756_en4", "cpes": ["cpe:2.3:a:rockwellautomation:1756_en4:0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.001", "status": "affected"}]}, {"vendor": "rockwellautomation", "product": "compact_logix_5480", "cpes": ["cpe:2.3:a:rockwellautomation:compact_logix_5480:34.011:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "34.011", "status": "affected"}]}, {"vendor": "rockwellautomation", "product": "compact_guardlogix_5480", "cpes": ["cpe:2.3:a:rockwellautomation:compact_guardlogix_5480:34.011:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "34.011", "status": "affected"}]}, {"vendor": "rockwellautomation", "product": "compactlogix", "cpes": ["cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5480", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-15T19:57:53.882617Z", "id": "CVE-2024-5659", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-15T20:23:20.243Z"}}]}}