CVE-2024-3493

{"id": "CVE-2024-3493", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-3493", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-12T15:09:28.736089Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "affected": [{"source": "PSIRT@rockwellautomation.com", "affectedData": [{"vendor": "Rockwell Automation", "product": "ControlLogix 5580", "versions": [{"status": "affected", "version": "v35.011"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "GuardLogix 5580", "versions": [{"status": "affected", "version": "v35.011"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "CompactLogix 5380", "versions": [{"status": "affected", "version": "v5.001"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN4TR", "versions": [{"status": "affected", "version": "v5.001"}], "defaultStatus": "unaffected"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "affectedData": [{"cpes": ["cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:35.011:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "guardlogix_5580_firmware", "versions": [{"status": "affected", "version": "35.011"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:5.001:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "compactlogix_5380_firmware", "versions": [{"status": "affected", "version": "35.011"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:5.001:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "1756-en4tr_firmware", "versions": [{"status": "affected", "version": "5.001"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:5.001:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "1756-en4tr_firmware", "versions": [{"status": "affected", "version": "5.001"}], "defaultStatus": "unknown"}]}], "published": "2024-04-15T22:15:09.073", "references": [{"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html", "tags": ["Broken Link"], "source": "PSIRT@rockwellautomation.com"}, {"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "\nA specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix\u00a05580,\u00a0CompactLogix 5380,\u00a0and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. \n\n"}, {"lang": "es", "value": "Un tipo de paquete fragmentado con formato incorrecto espec\u00edfico (los dispositivos que env\u00edan grandes cantidades de datos pueden generar paquetes fragmentados autom\u00e1ticamente) puede causar una falla mayor no recuperable (MNRF) en ControlLogix 5580, Guard Logix 5580, CompactLogix 5380 y 1756-EN4TR de Rockwell Automation. Si se explota, el producto afectado dejar\u00e1 de estar disponible y requerir\u00e1 un reinicio manual para recuperarlo. Adem\u00e1s, un MNRF podr\u00eda provocar una p\u00e9rdida de visi\u00f3n y/o control de los dispositivos conectados."}], "lastModified": "2026-06-17T07:44:22.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:35.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A29D3775-CAB3-45CF-96CE-71D0672C7E37"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:35.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64CAC9B1-19E5-44BB-B814-DDA98B7290E4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "006B7683-9FDF-4748-BA28-2EA22613E092"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:35.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "305CDBFF-404A-45F5-A391-1B18F446D1B8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EDD040ED-B44C-47D0-B4D4-729C378C4F68"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:35.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9232043F-8A87-446C-8B7E-F8E400AA6F68"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "62414E65-73C7-4172-B7BF-F40A66AFBB90"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:5.001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91162BBB-AD61-4191-B00A-FDE767268F13"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1756-en4tr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "898EE953-E0EF-4B52-8EA0-41AAD8B5CCF3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:35.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A1541AE-A429-455E-94C4-3420183CE7CF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580_process:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AFEDADD8-01DE-4AE5-A0D7-532347FA7DB2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_process_firmware:35.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF838222-B4B6-4A66-B3CE-55E643368754"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380_process:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77BCC249-D601-4A82-9247-C0981BF990FC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:35.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61F8EA3B-C51C-4CB1-9BB3-017577DC6684"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80F4F5BE-07DF-402A-BF98-34FBA6A11968"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}