Rockwell GuardLogix/ControlLogix 5580 Controller denial-of-service Vulnerability via Malformed Packet Handling (CVE-2024-40619)

high Tenable OT Security Plugin ID 502369

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A denial-of-service vulnerability exists in the affected products.
The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Rockwell Automation has released product updates addressing this vulnerability:

ControlLogix 5580: Update to v34.014 and later GuardLogix 5580: Update to v34.014 and later

Users with the affected software are encouraged to apply the risk mitigations, if possible..

See Also

http://www.nessus.org/u?91ef9343

https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-03

Plugin Details

Severity: High

ID: 502369

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 9/2/2024

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:rockwellautomation:controllogix_5580_firmware, cpe:/o:rockwellautomation:guardlogix_5580_firmware

Required KB Items: Tenable.ot/Rockwell

Exploit Ease: No known exploits are available

Patch Publication Date: 8/13/2024

Vulnerability Publication Date: 8/13/2024

Reference Information

CVE: CVE-2024-40619

CWE: 754

ICSA: 24-226-03