CVE-2024-6207

CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5580_process:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:rockwellautomation:factorytalk_logix_echo_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:factorytalk_logix_echo_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:factorytalk_logix_echo:-:*:*:*:*:*:*:*

History

21 Oct 2024, 13:20

Type Values Removed Values Added
CPE cpe:2.3:h:rockwellautomation:factorytalk_logix_echo:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5480:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_3:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380_sil_2:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_sil_2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:factorytalk_logix_echo_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:controllogix_5580_process:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:compactlogix_5380:-:*:*:*:*:*:*:*
First Time Rockwellautomation compactlogix 5480
Rockwellautomation compact Guardlogix 5380 Sil 2
Rockwellautomation controllogix 5580
Rockwellautomation controllogix 5580 Process Firmware
Rockwellautomation controllogix 5580 Firmware
Rockwellautomation guardlogix 5580
Rockwellautomation factorytalk Logix Echo Firmware
Rockwellautomation compact Guardlogix 5380 Sil 3 Firmware
Rockwellautomation factorytalk Logix Echo
Rockwellautomation guardlogix 5580 Firmware
Rockwellautomation
Rockwellautomation controllogix 5580 Process
Rockwellautomation compact Guardlogix 5380 Sil 2 Firmware
Rockwellautomation compactlogix 5480 Firmware
Rockwellautomation compactlogix 5380
Rockwellautomation compactlogix 5380 Firmware
Rockwellautomation compact Guardlogix 5380 Sil 3
References () https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1707.html - () https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1707.html - Vendor Advisory
CWE NVD-CWE-noinfo

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html y enviar un mensaje CIP especialmente manipulado al dispositivo. Si se explota, un actor de amenazas podría ayudar a evitar el acceso al usuario legítimo y finalizar las conexiones a los dispositivos conectados, incluida la estación de trabajo. Para recuperar los controladores, se requiere una descarga que finalice cualquier proceso que esté ejecutando el controlador.

14 Oct 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-14 21:15

Updated : 2024-10-21 13:20


NVD link : CVE-2024-6207

Mitre link : CVE-2024-6207

CVE.ORG link : CVE-2024-6207


JSON object : View

Products Affected

rockwellautomation

  • guardlogix_5580
  • compactlogix_5380
  • controllogix_5580
  • compact_guardlogix_5380_sil_2
  • factorytalk_logix_echo_firmware
  • compactlogix_5480_firmware
  • compact_guardlogix_5380_sil_2_firmware
  • controllogix_5580_process
  • factorytalk_logix_echo
  • controllogix_5580_firmware
  • compactlogix_5480
  • compact_guardlogix_5380_sil_3_firmware
  • controllogix_5580_process_firmware
  • guardlogix_5580_firmware
  • compact_guardlogix_5380_sil_3
  • compactlogix_5380_firmware
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation