SB2024082604 - Multiple vulnerabilities in Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix and Compact GuardLogix 5380
Published: August 26, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2024-7507)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted PCCC message to the application and perform a denial of service (DoS) attack.
2) Input validation error (CVE-ID: CVE-2024-7515)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted PTP management packet to the application and perform a denial of service (DoS) attack.
3) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2024-40619)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling. A remote attacker can send specially crafted CIP packets to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201685.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-09
- https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201686.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-10
- https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201690.html
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-03