CVE-2024-6089

An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:rockwellautomation:5015-aenftxt_firmware:2.011:*:*:*:*:*:*:*

cpe:2.3:h:rockwellautomation:5015-aenftxt:-:*:*:*:*:*:*:*

History

10 Sep 2024, 14:05

Type	Values Removed	Values Added
CPE		cpe:2.3:h:rockwellautomation:5015-aenftxt:-:::::::* cpe:2.3:o:rockwellautomation:5015-aenftxt_firmware:2.011:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		NVD-CWE-noinfo
Summary		(es) Existe una vulnerabilidad de validación de entrada en Rockwell Automation 5015 - AENFTXT cuando se envía un paquete PTP manipulado, lo que provoca que el adaptador secundario genere una falla importante no recuperable. Si se explota, se requiere un ciclo de energía para recuperar el producto.
References	~~() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html -~~	() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html - Vendor Advisory
First Time		Rockwellautomation 5015-aenftxt Firmware Rockwellautomation Rockwellautomation 5015-aenftxt

16 Jul 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-16 17:15

Updated : 2024-09-10 14:05

NVD link : CVE-2024-6089

Mitre link : CVE-2024-6089

CVE.ORG link : CVE-2024-6089

JSON object : View

Products Affected

rockwellautomation

5015-aenftxt
5015-aenftxt_firmware

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

{"id": "CVE-2024-6089", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.7, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-16T17:15:11.817", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html", "tags": ["Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An input validation vulnerability exists in the Rockwell Automation\u00a05015 - AENFTXT\u00a0when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product."}, {"lang": "es", "value": "Existe una vulnerabilidad de validaci\u00f3n de entrada en Rockwell Automation 5015 - AENFTXT cuando se env\u00eda un paquete PTP manipulado, lo que provoca que el adaptador secundario genere una falla importante no recuperable. Si se explota, se requiere un ciclo de energ\u00eda para recuperar el producto."}], "lastModified": "2024-09-10T14:05:16.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:5015-aenftxt_firmware:2.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "436F7BB7-A8CA-4E00-9F42-6DDB0D995E09"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:5015-aenftxt:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C699B471-D2E4-4B2F-B0A4-6045B8170354"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}