{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6089", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2024-06-17T18:12:51.583Z", "datePublished": "2024-07-16T17:10:21.810Z", "dateUpdated": "2024-08-01T21:33:04.327Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "5015 - AENFTXT", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v2.011"}]}], "datePublic": "2024-07-16T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An input validation vulnerability exists in the Rockwell Automation&nbsp;5015 - AENFTXT&nbsp;when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product. &nbsp;</span>\n\n"}], "value": "An input validation vulnerability exists in the Rockwell Automation\u00a05015 - AENFTXT\u00a0when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20:  Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-07-16T17:10:21.810Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Customers using the affected software are encouraged to apply the risk mitigations, if possible.</p><ul><li><p>Update to the corrected firmware revision, v2.012.</p></li></ul><ul><li><p>For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">security best practices</a>&nbsp;to minimize the risk of the vulnerability.</p></li></ul>"}], "value": "Customers using the affected software are encouraged to apply the risk mitigations, if possible.\n\n  *  Update to the corrected firmware revision, v2.012.\n\n\n\n\n  *  For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested  security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability."}], "source": {"advisory": "SD1680", "discovery": "INTERNAL"}, "title": "Rockwell Automation Major nonrecoverable fault in 5015 \u2013 AENFTXT", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "rockwellautomation", "product": "5015_aenftxt", "cpes": ["cpe:2.3:a:rockwellautomation:5015_aenftxt:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "v2.011", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T14:54:24.869257Z", "id": "CVE-2024-6089", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T14:57:56.133Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:04.327Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:04.327Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6089", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T14:54:24.869257Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:rockwellautomation:5015_aenftxt:*:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "5015_aenftxt", "versions": [{"status": "affected", "version": "v2.011"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T14:57:48.014Z"}}], "cna": {"title": "Rockwell Automation Major nonrecoverable fault in 5015 \u2013 AENFTXT", "source": {"advisory": "SD1680", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "5015 - AENFTXT", "versions": [{"status": "affected", "version": "v2.011"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Customers using the affected software are encouraged to apply the risk mitigations, if possible.\n\n  *  Update to the corrected firmware revision, v2.012.\n\n\n\n\n  *  For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested  security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability.", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>Customers using the affected software are encouraged to apply the risk mitigations, if possible.</p><ul><li><p>Update to the corrected firmware revision, v2.012.</p></li></ul><ul><li><p>For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">security best practices</a>&nbsp;to minimize the risk of the vulnerability.</p></li></ul>", "base64": false}]}], "datePublic": "2024-07-16T13:00:00.000Z", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An input validation vulnerability exists in the Rockwell Automation\u00a05015 - AENFTXT\u00a0when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product.", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An input validation vulnerability exists in the Rockwell Automation&nbsp;5015 - AENFTXT&nbsp;when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product. &nbsp;</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20:  Improper Input Validation"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-07-16T17:10:21.810Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6089", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:33:04.327Z", "dateReserved": "2024-06-17T18:12:51.583Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2024-07-16T17:10:21.810Z", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:5015-aenftxt_firmware:2.011:*:*:*:*:*:*:*", "matchCriteriaId": "436F7BB7-A8CA-4E00-9F42-6DDB0D995E09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:5015-aenftxt:-:*:*:*:*:*:*:*", "matchCriteriaId": "C699B471-D2E4-4B2F-B0A4-6045B8170354", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An input validation vulnerability exists in the Rockwell Automation\u00a05015 - AENFTXT\u00a0when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product."}, {"lang": "es", "value": "Existe una vulnerabilidad de validaci\u00f3n de entrada en Rockwell Automation 5015 - AENFTXT cuando se env\u00eda un paquete PTP manipulado, lo que provoca que el adaptador secundario genere una falla importante no recuperable. Si se explota, se requiere un ciclo de energ\u00eda para recuperar el producto."}], "id": "CVE-2024-6089", "lastModified": "2024-11-21T09:48:56.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "NONE"}, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2024-07-16T17:15:11.817", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Vendor Advisory"], "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1680.html"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}