fkie_cve-2024-7515
Vulnerability from fkie_nvd
Published
2024-08-14 20:15
Modified
2025-03-04 17:47
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller.
References
PSIRT@rockwellautomation.comhttps://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201686.htmlVendor Advisory
Impacted products
Vendor Product Version
rockwellautomation compactlogix_5380_firmware *
rockwellautomation compactlogix_5380_firmware 35.011
rockwellautomation compactlogix_5380 -
rockwellautomation controllogix_5580_firmware *
rockwellautomation controllogix_5580_firmware 35.011
rockwellautomation controllogix_5580 -
rockwellautomation guardlogix_5580_firmware *
rockwellautomation guardlogix_5580_firmware 35.011
rockwellautomation guardlogix_5580 -
rockwellautomation compact_guardlogix_5380_sil_2_firmware *
rockwellautomation compact_guardlogix_5380_sil_2_firmware 35.011
rockwellautomation compact_guardlogix_5380_sil_2 -
rockwellautomation compact_guardlogix_5380_sil_3_firmware *
rockwellautomation compact_guardlogix_5380_sil_3_firmware 35.011
rockwellautomation compact_guardlogix_5380_sil_3 -
rockwellautomation compactlogix_5480_firmware *
rockwellautomation compactlogix_5480_firmware 35.011
rockwellautomation compactlogix_5480 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AABBF4EF-9F0E-432D-A535-F74402CFD05D",
              "versionEndExcluding": "34.014",
              "versionStartIncluding": "28.011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:35.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "305CDBFF-404A-45F5-A391-1B18F446D1B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD040ED-B44C-47D0-B4D4-729C378C4F68",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5B18F7F-80AB-4146-9D65-B1DB4C2FAA8D",
              "versionEndExcluding": "34.014",
              "versionStartIncluding": "28.011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:35.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29D3775-CAB3-45CF-96CE-71D0672C7E37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BB883B-B863-4D57-B1C0-FC7B3EBD1EA0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC2E9A2F-AFC7-442D-88FC-C3217ABB560E",
              "versionEndExcluding": "34.014",
              "versionStartIncluding": "31.011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:35.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "64CAC9B1-19E5-44BB-B814-DDA98B7290E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "006B7683-9FDF-4748-BA28-2EA22613E092",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "560A9F50-DBCF-48CF-856B-BE061C490697",
              "versionEndExcluding": "34.014",
              "versionStartIncluding": "31.011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:35.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7A5DA9B-E1CA-45FF-8A9B-60B1E506F981",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E594CDF6-0582-4D5C-B6AA-C8A2E752E29F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3631A2E0-00BA-4DF2-94C2-6906B9A3E941",
              "versionEndExcluding": "34.014",
              "versionStartIncluding": "32.013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:35.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE90277-EB8A-4ECE-A573-C1814F35CB47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B82D842C-0930-41AA-83CD-5F235771AE4B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C025589-66EE-40EF-8CE6-9A7B76D74BF4",
              "versionEndExcluding": "34.014",
              "versionStartIncluding": "32.011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:35.011:*:*:*:*:*:*:*",
              "matchCriteriaId": "61F8EA3B-C51C-4CB1-9BB3-017577DC6684",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F4F5BE-07DF-402A-BF98-34FBA6A11968",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CVE-2024-7515 IMPACT\n\nA denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller."
    },
    {
      "lang": "es",
      "value": "CVE-2024-7515 IMPACT Existe una vulnerabilidad de denegaci\u00f3n de servicio en los productos afectados. Un paquete de administraci\u00f3n PTP con formato incorrecto puede causar un fallo importante no recuperable en el controlador."
    }
  ],
  "id": "CVE-2024-7515",
  "lastModified": "2025-03-04T17:47:01.887",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "PSIRT@rockwellautomation.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-14T20:15:13.150",
  "references": [
    {
      "source": "PSIRT@rockwellautomation.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201686.html"
    }
  ],
  "sourceIdentifier": "PSIRT@rockwellautomation.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "PSIRT@rockwellautomation.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.