cve-2024-6207
Vulnerability from cvelistv5
Published
2024-10-14 20:53
Modified
2024-10-15 14:43
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
Summary
CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Rockwell Automation | ControlLogix® 5580 |
Version: V28.011 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "compactlogix_5380_firmware", "vendor": "rockwellautomation", "versions": [ { "lessThan": "33.017", "status": "affected", "version": "28.011", "versionType": "custom" }, { "lessThan": "34.014", "status": "affected", "version": "34.0", "versionType": "custom" }, { "lessThan": "35.013", "status": "affected", "version": "35.0", "versionType": "custom" }, { "lessThan": "36.011", "status": "affected", "version": "36.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "controllogix_5580_process_firmware", "vendor": "rockwellautomation", "versions": [ { "lessThan": "33.017", "status": "affected", "version": "33.011", "versionType": "custom" }, { "lessThan": "34.014", "status": "affected", "version": "34.0", "versionType": "custom" }, { "lessThan": "35.013", "status": "affected", "version": "35.0", "versionType": "custom" }, { "lessThan": "36.011", "status": "affected", "version": "36.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil2_firmware:*:*:*:*:*:*:*:*", "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "guardlogix_5580_firmware", "vendor": "rockwellautomation", "versions": [ { "lessThan": "33.017", "status": "affected", "version": "31.011", "versionType": "custom" }, { "lessThan": "34.014", "status": "affected", "version": "34.0", "versionType": "custom" }, { "lessThan": "35.013", "status": "affected", "version": "35.0", "versionType": "custom" }, { "lessThan": "36.011", "status": "affected", "version": "36.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "controllogix_5580_process_firmware", "vendor": "rockwellautomation", "versions": [ { "lessThan": "33.017", "status": "affected", "version": "32.011", "versionType": "custom" }, { "lessThan": "34.014", "status": "affected", "version": "34.0", "versionType": "custom" }, { "lessThan": "35.013", "status": "affected", "version": "35.0", "versionType": "custom" }, { "lessThan": "36.011", "status": "affected", "version": "36.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil3_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "compact_guardlogix_5380_sil3_firmware", "vendor": "rockwellautomation", "versions": [ { "lessThan": "33.017", "status": "affected", "version": "32.013", "versionType": "custom" }, { "lessThan": "34.014", "status": "affected", "version": "34.0", "versionType": "custom" }, { "lessThan": "35.013", "status": "affected", "version": "35.0", "versionType": "custom" }, { "lessThan": "36.011", "status": "affected", "version": "36.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:rockwellautomation:factorytalk_logix_echo:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "factorytalk_logix_echo", "vendor": "rockwellautomation", "versions": [ { "lessThan": "34.014", "status": "affected", "version": "33.011", "versionType": "custom" }, { "lessThan": "35.013", "status": "affected", "version": "35.0", "versionType": "custom" }, { "lessThan": "36.011", "status": "affected", "version": "36.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6207", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-15T14:11:41.281080Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-15T14:43:19.768Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "ControlLogix\u00ae 5580", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "V28.011" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix\u00ae 5580 Process", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "V33.011" } ] }, { "defaultStatus": "unaffected", "product": "GuardLogix 5580", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "V31.011" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix 5380", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "V28.011" } ] }, { "defaultStatus": "unaffected", "product": "Compact GuardLogix 5380 SIL 2", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "V31.011" } ] }, { "defaultStatus": "unaffected", "product": "Compact GuardLogix 5380 SIL 3", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "V32.013" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix 5480", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "V32.011" } ] }, { "defaultStatus": "unaffected", "product": "FactoryTalk\u00ae Logix Echo", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "V33.011" } ] } ], "datePublic": "2024-10-10T13:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003eCVE-2024-6207\u003c/a\u003e\u0026nbsp;IMPACT\u003c/p\u003e\u003cp\u003eA denial-of-service vulnerability exists in the affected products that will cause the device to result in a major nonrecoverable fault (MNRF) when it receives an invalid CIP request. To exploit this vulnerability a malicious user must chain this exploits with \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html\"\u003eCVE 2021-22681\u003c/a\u003e\u0026nbsp;and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running. \u003c/p\u003e" } ], "value": "CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html \u00a0and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running." } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T20:53:49.191Z", "orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell" }, "references": [ { "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1707.html" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eAFFECTED PRODUCTS AND SOLUTION\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eFirst Known in firmware revision\u003c/td\u003e\u003ctd\u003eCorrected in firmware revision\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eControlLogix\u00ae 5580\u003c/td\u003e\u003ctd\u003eV28.011\u003c/td\u003e\u003ctd\u003eV33.017, V34.014, V35.013, V36.011 and later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eControlLogix\u00ae 5580 Process\u003c/td\u003e\u003ctd\u003eV33.011\u003c/td\u003e\u003ctd\u003eV33.017, V34.014, V35.013, V36.011 and later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGuardLogix 5580\u003c/td\u003e\u003ctd\u003eV31.011\u003c/td\u003e\u003ctd\u003e\u0026nbsp;V33.017, V34.014, V35.013, V36.011 and later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eCompactLogix 5380\u003c/td\u003e\u003ctd\u003eV28.011\u003c/td\u003e\u003ctd\u003e\u0026nbsp;V33.017, V34.014, V35.013, V36.011 and later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eCompact GuardLogix 5380 SIL 2\u003c/td\u003e\u003ctd\u003eV31.011\u003c/td\u003e\u003ctd\u003eV33.017, V34.014, V35.013, V36.011 and later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eCompact GuardLogix 5380 SIL 3\u003c/td\u003e\u003ctd\u003eV32.013\u003c/td\u003e\u003ctd\u003eV33.017, V34.014, V35.013, V36.011 and later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eCompactLogix 5480\u003c/td\u003e\u003ctd\u003eV32.011\u003c/td\u003e\u003ctd\u003eV33.017, V34.014, V35.013, V36.011 and later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eFactoryTalk\u00ae Logix Echo \u003c/td\u003e\u003ctd\u003eV33.011\u003c/td\u003e\u003ctd\u003eV34.014, V35.013, V36.011 and later\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e" } ], "value": "AFFECTED PRODUCTS AND SOLUTION\n\nAffected Product\nFirst Known in firmware revisionCorrected in firmware revisionControlLogix\u00ae 5580V28.011V33.017, V34.014, V35.013, V36.011 and laterControlLogix\u00ae 5580 ProcessV33.011V33.017, V34.014, V35.013, V36.011 and laterGuardLogix 5580V31.011\u00a0V33.017, V34.014, V35.013, V36.011 and laterCompactLogix 5380V28.011\u00a0V33.017, V34.014, V35.013, V36.011 and laterCompact GuardLogix 5380 SIL 2V31.011V33.017, V34.014, V35.013, V36.011 and laterCompact GuardLogix 5380 SIL 3V32.013V33.017, V34.014, V35.013, V36.011 and laterCompactLogix 5480V32.011V33.017, V34.014, V35.013, V36.011 and laterFactoryTalk\u00ae Logix Echo V33.011V34.014, V35.013, V36.011 and later" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "assignerShortName": "Rockwell", "cveId": "CVE-2024-6207", "datePublished": "2024-10-14T20:53:49.191Z", "dateReserved": "2024-06-20T16:08:17.052Z", "dateUpdated": "2024-10-15T14:43:19.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-6207\",\"sourceIdentifier\":\"PSIRT@rockwellautomation.com\",\"published\":\"2024-10-14T21:15:12.460\",\"lastModified\":\"2024-10-21T13:20:45.617\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html \u00a0and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running.\"},{\"lang\":\"es\",\"value\":\"CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html y enviar un mensaje CIP especialmente manipulado al dispositivo. Si se explota, un actor de amenazas podr\u00eda ayudar a evitar el acceso al usuario leg\u00edtimo y finalizar las conexiones a los dispositivos conectados, incluida la estaci\u00f3n de trabajo. Para recuperar los controladores, se requiere una descarga que finalice cualquier proceso que est\u00e9 ejecutando el controlador.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"28.011\",\"versionEndExcluding\":\"33.017\",\"matchCriteriaId\":\"3CCECB24-3DF9-441D-B2E0-7EDD305EA31D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"34.011\",\"versionEndExcluding\":\"34.014\",\"matchCriteriaId\":\"999BE839-8688-4723-A067-788386E528D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"35.011\",\"versionEndExcluding\":\"35.013\",\"matchCriteriaId\":\"D70BDEA5-B19E-4399-AD46-FA94285B2DEA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"33.011\",\"versionEndExcluding\":\"33.017\",\"matchCriteriaId\":\"F8EF3D88-B9BC-4FEA-BA35-8657EEE463F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"34.011\",\"versionEndExcluding\":\"34.014\",\"matchCriteriaId\":\"7A3A96A6-242A-4022-8347-E04467DA6FDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"35.011\",\"versionEndExcluding\":\"35.013\",\"matchCriteriaId\":\"7D377807-09D3-4430-8B0D-83BB5514B275\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:controllogix_5580_process:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFEDADD8-01DE-4AE5-A0D7-532347FA7DB2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"31.011\",\"versionEndExcluding\":\"33.017\",\"matchCriteriaId\":\"BF92BE9B-AF7A-4A04-9438-C30C5ED49B07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"34.011\",\"versionEndExcluding\":\"34.014\",\"matchCriteriaId\":\"D0E0F65D-98D1-4021-9CB0-402834F46DD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"35.011\",\"versionEndExcluding\":\"35.013\",\"matchCriteriaId\":\"956AF3D2-9A47-4BAD-B3A5-37A8965DBB2E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"006B7683-9FDF-4748-BA28-2EA22613E092\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"28.011\",\"versionEndExcluding\":\"33.017\",\"matchCriteriaId\":\"6C85E19A-8153-4AC2-8A15-DD1CEE9F5B2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"34.011\",\"versionEndExcluding\":\"34.014\",\"matchCriteriaId\":\"90519681-C70B-49EE-A551-29D5A9EFCA31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"35.011\",\"versionEndExcluding\":\"35.013\",\"matchCriteriaId\":\"3A306250-9B1A-49A4-B6C1-E2EFBA49504B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDD040ED-B44C-47D0-B4D4-729C378C4F68\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"31.011\",\"versionEndExcluding\":\"33.017\",\"matchCriteriaId\":\"93D9D75D-0C98-408B-9EB1-6315AAE1147B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"34.011\",\"versionEndExcluding\":\"34.014\",\"matchCriteriaId\":\"58CAFC2B-2C95-41E0-BB00-7E7F89103664\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"35.011\",\"versionEndExcluding\":\"35.013\",\"matchCriteriaId\":\"37997377-0939-4D3C-8A97-F4F8C6FB1000\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E594CDF6-0582-4D5C-B6AA-C8A2E752E29F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"32.013\",\"versionEndExcluding\":\"33.017\",\"matchCriteriaId\":\"D85D8A23-BC23-41F9-A17A-33239D4C90B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"34.011\",\"versionEndExcluding\":\"34.014\",\"matchCriteriaId\":\"13C157F1-BD62-4F6A-8DCF-4660983C9948\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"35.011\",\"versionEndExcluding\":\"35.013\",\"matchCriteriaId\":\"A01F13C3-42C1-409C-A16E-6BEC723108A2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B82D842C-0930-41AA-83CD-5F235771AE4B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"32.011\",\"versionEndExcluding\":\"33.017\",\"matchCriteriaId\":\"A890317E-B6BD-4A0A-B7E0-E50D90506EF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"34.011\",\"versionEndExcluding\":\"34.014\",\"matchCriteriaId\":\"881D835B-D7E3-44C5-9B77-CA82EDCE2D3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"35.011\",\"versionEndExcluding\":\"35.013\",\"matchCriteriaId\":\"A0ABD910-7EBE-44C8-97E3-2B523CDEE5FA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F4F5BE-07DF-402A-BF98-34FBA6A11968\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:factorytalk_logix_echo_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"33.011\",\"versionEndExcluding\":\"34.014\",\"matchCriteriaId\":\"02105DF7-661C-47E7-BC52-771356537783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:factorytalk_logix_echo_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"35.011\",\"versionEndExcluding\":\"35.013\",\"matchCriteriaId\":\"51ECB73D-C08C-4DE1-BA75-608E9C350751\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:factorytalk_logix_echo:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7898895B-17A1-499A-9B09-9F6C1C302368\"}]}]}],\"references\":[{\"url\":\"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1707.html\",\"source\":\"PSIRT@rockwellautomation.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.