#VU91987 Always-Incorrect Control Flow Implementation in Rockwell Automation products - CVE-2024-5659

Cybersecurity Help s.r.o.

Published: 2024-06-12

Vulnerability identifier: #VU91987

Vulnerability risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-5659

CWE-ID: CWE-670

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
ControlLogix 5580
Hardware solutions / Firmware
GuardLogix 5580
Hardware solutions / Firmware
1756-EN4
Hardware solutions / Firmware
CompactLogix 5380
Hardware solutions / Firmware
Compact GuardLogix 5380
Hardware solutions / Firmware
CompactLogix 5480
Hardware solutions / Firmware

Vendor: Rockwell Automation

Description

The vulnerability allows a remote attacker to perform a denial of servide (DoS) attack.

The vulnerability exists due to always-incorrect control flow implementation. A remote attacker on the local network can send specially crafted packets to the mDNS port and cause a denial of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

ControlLogix 5580: 34.011

GuardLogix 5580: 34.011

1756-EN4: 4.001

CompactLogix 5380: 34.011

Compact GuardLogix 5380: 34.011

CompactLogix 5480: 34.011

External links
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Rockwell Automation ControlLogix, GuardLogix and CompactLogix