Detections
Analytics
Rockwell GuardLogix/ControlLogix 5580 Controller denial-of-service Vulnerability via Malformed Packet Handling (CVE-2024-40619)
high Tenable OT Security Plugin ID 502369
Synopsis
The remote OT asset is affected by a vulnerability.Description
A denial-of-service vulnerability exists in the affected products.The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Rockwell Automation has released product updates addressing this vulnerability:
ControlLogix 5580: Update to v34.014 and later GuardLogix 5580: Update to v34.014 and later
Users with the affected software are encouraged to apply the risk mitigations, if possible..
See Also
http://www.nessus.org/u?91ef9343
https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-03
Plugin Details
Severity: High
ID: 502369
Version: 1.3
Type: remote
Family: Tenable.ot
Published: 9/2/2024
Updated: 9/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:rockwellautomation:controllogix_5580_firmware, cpe:/o:rockwellautomation:guardlogix_5580_firmware
Required KB Items: Tenable.ot/Rockwell
Exploit Ease: No known exploits are available
Patch Publication Date: 8/13/2024
Vulnerability Publication Date: 8/13/2024
Reference Information
CVE: CVE-2024-40619
CWE: 754
ICSA: 24-226-03