{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6242", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2024-06-21T12:21:00.689Z", "datePublished": "2024-08-01T15:15:32.220Z", "dateUpdated": "2024-08-01T18:01:01.646Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ControlLogix\u00ae 5580 (1756-L8z)", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "V28"}]}, {"defaultStatus": "unaffected", "product": "GuardLogix\u00ae 5580 (1756-L8zS)", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "V31"}]}, {"defaultStatus": "unaffected", "product": "1756-EN4TR", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "V2"}]}, {"defaultStatus": "unaffected", "platforms": ["Series A/B/C"], "product": "1756-EN2T", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v5.007(unsigned)/v5.027(signed)"}]}, {"defaultStatus": "unaffected", "platforms": ["Series A/B"], "product": "1756-EN2F", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v5.007(unsigned)/v5.027(signed)"}]}, {"defaultStatus": "unaffected", "platforms": ["Series A/B"], "product": "1756-EN2TR", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v5.007(unsigned)/v5.027(signed)"}]}, {"defaultStatus": "unaffected", "platforms": ["Series B"], "product": "1756-EN3TR", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v5.007(unsigned)/v5.027(signed)"}]}, {"defaultStatus": "unaffected", "platforms": ["Series D"], "product": "1756-EN2T", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "1756-EN2T/D: V10.006"}]}, {"defaultStatus": "unaffected", "product": "1756-EN2F", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "1756-EN2F/C: V10.009"}]}, {"defaultStatus": "unaffected", "platforms": ["Series C"], "product": "1756-EN2TR", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "1756-EN2TR/C: V10.007"}]}, {"defaultStatus": "unaffected", "platforms": ["Series B"], "product": "1756-EN3TR", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "1756-EN3TR/B: V10.007"}]}, {"defaultStatus": "unaffected", "platforms": ["Series A"], "product": "1756-EN2TP", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "1756-EN2TP/A: V10.020"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Claroty reported this vulnerability."}], "datePublic": "2024-08-01T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted\u00ae Slot feature in a ControlLogix\u00ae controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis. &nbsp;</span>"}], "value": "A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted\u00ae Slot feature in a ControlLogix\u00ae controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis."}], "impacts": [{"capecId": "CAPEC-216", "descriptions": [{"lang": "en", "value": "CAPEC-216 Communication Channel Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7.3, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-420", "description": "CWE-420: Unprotected Alternate Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-08-01T15:15:32.220Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html"}], "source": {"advisory": "SD1682", "discovery": "EXTERNAL"}, "title": "Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\n</p><table><tbody><tr><td><div><div><p>Affected Product </p></div></div></td><td><div><div><p>First Known in Firmware Revision </p></div></div></td><td><div><div><p>Corrected in Firmware Revision </p></div></div></td></tr><tr><td><div><div><p>ControlLogix\u00ae 5580 (1756-L8z) </p></div></div></td><td><div><div><p>V28 </p></div></div></td><td><div><div><p>V32.016, V33.015, V34.014, &nbsp;<br>V35.011 and later </p></div><div><p>&nbsp;</p></div></div></td></tr><tr><td><div><div><p>GuardLogix\u00ae 5580 (1756-L8zS) </p></div></div></td><td><div><div><p>V31 </p></div></div></td><td><div><div><p>V32.016, V33.015, V34.014, &nbsp;<br>V35.011 and later </p></div></div></td></tr><tr><td><div><div><p>1756-EN4TR </p></div></div></td><td><div><div><p>V2 </p></div></div></td><td><div><div><p>V5.001 and later </p></div></div></td></tr><tr><td><div><div><p>1756-EN2T, Series A/B/C </p></div><div><p>1756-EN2F, Series A/B </p></div><div><p>1756-EN2TR, Series A/B </p></div><div><p>1756-EN3TR, Series B </p></div></div></td><td><div><div><p>v5.007(unsigned)/v5.027(signed) </p></div></div></td><td><div><div><p>No fix is available for Series A/B/C. Users can upgrade to Series D to remediate this vulnerability </p></div></div></td></tr><tr><td><div><div><p>1756-EN2T, Series D </p></div><div><p>1756-EN2F, Series C </p></div><div><p>1756-EN2TR, Series C </p></div><div><p>1756-EN3TR, Series B </p></div><div><p>1756-EN2TP, Series A </p></div></div></td><td><div><div><p>1756-EN2T/D: V10.006 </p></div><div><p>1756-EN2F/C: V10.009 </p></div><div><p>1756-EN2TR/C: V10.007 </p></div><div><p>1756-EN3TR/B: V10.007 </p></div><div><p>1756-EN2TP/A: V10.020 </p></div></div></td><td><div><div><p>V12.001 and later </p></div></div></td></tr></tbody></table>\n\n<br><p></p><p>\n\n</p><div><div><p><span style=\"background-color: rgb(255, 255, 255);\">Users using the affected firmware and who are not able to upgrade to one of the corrected versions are encouraged to apply the following mitigation and security best practices, where possible.\u202f</span>\u202f&nbsp;</p></div><div><ul><li><p>Limit the allowed CIP commands on controllers by setting the mode switch to the RUN position. </p></li></ul></div></div><div><div><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a>&nbsp;</p></li></ul></div></div><p></p>"}], "value": "Affected Product \n\n\n\n\n\nFirst Known in Firmware Revision \n\n\n\n\n\nCorrected in Firmware Revision \n\n\n\n\n\nControlLogix\u00ae 5580 (1756-L8z) \n\n\n\n\n\nV28 \n\n\n\n\n\nV32.016, V33.015, V34.014, \u00a0\nV35.011 and later \n\n\n\n\u00a0\n\n\n\n\n\nGuardLogix\u00ae 5580 (1756-L8zS) \n\n\n\n\n\nV31 \n\n\n\n\n\nV32.016, V33.015, V34.014, \u00a0\nV35.011 and later \n\n\n\n\n\n1756-EN4TR \n\n\n\n\n\nV2 \n\n\n\n\n\nV5.001 and later \n\n\n\n\n\n1756-EN2T, Series A/B/C \n\n\n\n1756-EN2F, Series A/B \n\n\n\n1756-EN2TR, Series A/B \n\n\n\n1756-EN3TR, Series B \n\n\n\n\n\nv5.007(unsigned)/v5.027(signed) \n\n\n\n\n\nNo fix is available for Series A/B/C. Users can upgrade to Series D to remediate this vulnerability \n\n\n\n\n\n1756-EN2T, Series D \n\n\n\n1756-EN2F, Series C \n\n\n\n1756-EN2TR, Series C \n\n\n\n1756-EN3TR, Series B \n\n\n\n1756-EN2TP, Series A \n\n\n\n\n\n1756-EN2T/D: V10.006 \n\n\n\n1756-EN2F/C: V10.009 \n\n\n\n1756-EN2TR/C: V10.007 \n\n\n\n1756-EN3TR/B: V10.007 \n\n\n\n1756-EN2TP/A: V10.020 \n\n\n\n\n\nV12.001 and later \n\n\n\n\n\n\n\n\n\n\n\n\n\n\nUsers using the affected firmware and who are not able to upgrade to one of the corrected versions are encouraged to apply the following mitigation and security best practices, where possible.\u202f\u202f\u00a0\n\n\n\n * Limit the allowed CIP commands on controllers by setting the mode switch to the RUN position. \n\n\n\n\n\n\n\n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T18:00:51.414361Z", "id": "CVE-2024-6242", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T18:01:01.646Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6242", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T18:00:51.414361Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T18:00:57.404Z"}}], "cna": {"title": "Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices", "source": {"advisory": "SD1682", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Claroty reported this vulnerability."}], "impacts": [{"capecId": "CAPEC-216", "descriptions": [{"lang": "en", "value": "CAPEC-216 Communication Channel Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "ControlLogix\u00ae 5580 (1756-L8z)", "versions": [{"status": "affected", "version": "V28"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "GuardLogix\u00ae 5580 (1756-L8zS)", "versions": [{"status": "affected", "version": "V31"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN4TR", "versions": [{"status": "affected", "version": "V2"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN2T", "versions": [{"status": "affected", "version": "v5.007(unsigned)/v5.027(signed)"}], "platforms": ["Series A/B/C"], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN2F", "versions": [{"status": "affected", "version": "v5.007(unsigned)/v5.027(signed)"}], "platforms": ["Series A/B"], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN2TR", "versions": [{"status": "affected", "version": "v5.007(unsigned)/v5.027(signed)"}], "platforms": ["Series A/B"], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN3TR", "versions": [{"status": "affected", "version": "v5.007(unsigned)/v5.027(signed)"}], "platforms": ["Series B"], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN2T", "versions": [{"status": "affected", "version": "1756-EN2T/D: V10.006"}], "platforms": ["Series D"], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN2F", "versions": [{"status": "affected", "version": "1756-EN2F/C: V10.009"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN2TR", "versions": [{"status": "affected", "version": "1756-EN2TR/C: V10.007"}], "platforms": ["Series C"], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN3TR", "versions": [{"status": "affected", "version": "1756-EN3TR/B: V10.007"}], "platforms": ["Series B"], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN2TP", "versions": [{"status": "affected", "version": "1756-EN2TP/A: V10.020"}], "platforms": ["Series A"], "defaultStatus": "unaffected"}], "datePublic": "2024-08-01T13:00:00.000Z", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html"}], "workarounds": [{"lang": "en", "value": "Affected Product \n\n\n\n\n\nFirst Known in Firmware Revision \n\n\n\n\n\nCorrected in Firmware Revision \n\n\n\n\n\nControlLogix\u00ae 5580 (1756-L8z) \n\n\n\n\n\nV28 \n\n\n\n\n\nV32.016, V33.015, V34.014, \u00a0\nV35.011 and later \n\n\n\n\u00a0\n\n\n\n\n\nGuardLogix\u00ae 5580 (1756-L8zS) \n\n\n\n\n\nV31 \n\n\n\n\n\nV32.016, V33.015, V34.014, \u00a0\nV35.011 and later \n\n\n\n\n\n1756-EN4TR \n\n\n\n\n\nV2 \n\n\n\n\n\nV5.001 and later \n\n\n\n\n\n1756-EN2T, Series A/B/C \n\n\n\n1756-EN2F, Series A/B \n\n\n\n1756-EN2TR, Series A/B \n\n\n\n1756-EN3TR, Series B \n\n\n\n\n\nv5.007(unsigned)/v5.027(signed) \n\n\n\n\n\nNo fix is available for Series A/B/C. Users can upgrade to Series D to remediate this vulnerability \n\n\n\n\n\n1756-EN2T, Series D \n\n\n\n1756-EN2F, Series C \n\n\n\n1756-EN2TR, Series C \n\n\n\n1756-EN3TR, Series B \n\n\n\n1756-EN2TP, Series A \n\n\n\n\n\n1756-EN2T/D: V10.006 \n\n\n\n1756-EN2F/C: V10.009 \n\n\n\n1756-EN2TR/C: V10.007 \n\n\n\n1756-EN3TR/B: V10.007 \n\n\n\n1756-EN2TP/A: V10.020 \n\n\n\n\n\nV12.001 and later \n\n\n\n\n\n\n\n\n\n\n\n\n\n\nUsers using the affected firmware and who are not able to upgrade to one of the corrected versions are encouraged to apply the following mitigation and security best practices, where possible.\u202f\u202f\u00a0\n\n\n\n * Limit the allowed CIP commands on controllers by setting the mode switch to the RUN position. \n\n\n\n\n\n\n\n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight", "supportingMedia": [{"type": "text/html", "value": "<p>\n\n</p><table><tbody><tr><td><div><div><p>Affected Product </p></div></div></td><td><div><div><p>First Known in Firmware Revision </p></div></div></td><td><div><div><p>Corrected in Firmware Revision </p></div></div></td></tr><tr><td><div><div><p>ControlLogix\u00ae 5580 (1756-L8z) </p></div></div></td><td><div><div><p>V28 </p></div></div></td><td><div><div><p>V32.016, V33.015, V34.014, &nbsp;<br>V35.011 and later </p></div><div><p>&nbsp;</p></div></div></td></tr><tr><td><div><div><p>GuardLogix\u00ae 5580 (1756-L8zS) </p></div></div></td><td><div><div><p>V31 </p></div></div></td><td><div><div><p>V32.016, V33.015, V34.014, &nbsp;<br>V35.011 and later </p></div></div></td></tr><tr><td><div><div><p>1756-EN4TR </p></div></div></td><td><div><div><p>V2 </p></div></div></td><td><div><div><p>V5.001 and later </p></div></div></td></tr><tr><td><div><div><p>1756-EN2T, Series A/B/C </p></div><div><p>1756-EN2F, Series A/B </p></div><div><p>1756-EN2TR, Series A/B </p></div><div><p>1756-EN3TR, Series B </p></div></div></td><td><div><div><p>v5.007(unsigned)/v5.027(signed) </p></div></div></td><td><div><div><p>No fix is available for Series A/B/C. Users can upgrade to Series D to remediate this vulnerability </p></div></div></td></tr><tr><td><div><div><p>1756-EN2T, Series D </p></div><div><p>1756-EN2F, Series C </p></div><div><p>1756-EN2TR, Series C </p></div><div><p>1756-EN3TR, Series B </p></div><div><p>1756-EN2TP, Series A </p></div></div></td><td><div><div><p>1756-EN2T/D: V10.006 </p></div><div><p>1756-EN2F/C: V10.009 </p></div><div><p>1756-EN2TR/C: V10.007 </p></div><div><p>1756-EN3TR/B: V10.007 </p></div><div><p>1756-EN2TP/A: V10.020 </p></div></div></td><td><div><div><p>V12.001 and later </p></div></div></td></tr></tbody></table>\n\n<br><p></p><p>\n\n</p><div><div><p><span style=\"background-color: rgb(255, 255, 255);\">Users using the affected firmware and who are not able to upgrade to one of the corrected versions are encouraged to apply the following mitigation and security best practices, where possible.\u202f</span>\u202f&nbsp;</p></div><div><ul><li><p>Limit the allowed CIP commands on controllers by setting the mode switch to the RUN position. </p></li></ul></div></div><div><div><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a>&nbsp;</p></li></ul></div></div><p></p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted\u00ae Slot feature in a ControlLogix\u00ae controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted\u00ae Slot feature in a ControlLogix\u00ae controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis. &nbsp;</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-420", "description": "CWE-420: Unprotected Alternate Channel"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-08-01T15:15:32.220Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6242", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:01:01.646Z", "dateReserved": "2024-06-21T12:21:00.689Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2024-08-01T15:15:32.220Z", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted\u00ae Slot feature in a ControlLogix\u00ae controller. If exploited on any affected module in a 1756 chassis, a threat actor could potentially execute CIP commands that modify user projects and/or device configuration on a Logix controller in the chassis."}, {"lang": "es", "value": " Existe una vulnerabilidad en los productos afectados de Rockwell Automation que permite a un actor de amenazas eludir la funci\u00f3n Trusted\u00ae Slot en un controlador ControlLogix\u00ae. Si se explota en cualquier m\u00f3dulo afectado en un chasis 1756, un actor de amenazas podr\u00eda potencialmente ejecutar comandos CIP que modifiquen los proyectos de usuario y/o la configuraci\u00f3n del dispositivo en un controlador Logix en el chasis."}], "id": "CVE-2024-6242", "lastModified": "2024-08-01T16:45:25.400", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "HIGH"}, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2024-08-01T16:15:07.013", "references": [{"source": "PSIRT@rockwellautomation.com", "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1682.html"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-420"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}

{}

{}