{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8626", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2024-09-09T20:33:30.575Z", "datePublished": "2024-10-08T16:35:04.513Z", "dateUpdated": "2024-10-08T17:36:25.719Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CompactLogix 5380 controllers", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v33.011 <"}]}, {"defaultStatus": "unaffected", "product": "Compact GuardLogix\u00ae 5380 controllers", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v33.011<"}]}, {"defaultStatus": "unaffected", "product": "CompactLogix 5480 controllers", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v33.011<"}]}, {"defaultStatus": "unaffected", "product": "GuardLogix 5580 controllers", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v33.011<"}]}, {"defaultStatus": "unaffected", "product": "1756-EN4TR", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "v3.002"}]}], "datePublic": "2024-10-08T16:24:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. </span>"}], "value": "Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover."}], "impacts": [{"capecId": "CAPEC-124", "descriptions": [{"lang": "en", "value": "CAPEC-124 Shared Resource Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-10-08T16:35:04.513Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><tbody><tr><td><p><br>Affected Product&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>First Known in firmware Revision</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Corrected in Firmware Revision</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5380 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011 &lt;</p><p>&nbsp;</p><p>&nbsp;</p></td><td rowspan=\"5\"><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>v33.015 and later for versions 33</p></li></ul><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>v34.011 and later</p></li></ul><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Compact GuardLogix\u00ae 5380 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5480 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>ControlLogix 5580 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>GuardLogix 5580 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>1756-EN4TR</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v3.002</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>4.001 and later</p></li></ul><p>&nbsp;</p><p>&nbsp;</p></td></tr></tbody></table><br>\n\n<p>Mitigations and Workarounds </p><p>Customers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. </p><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a>&nbsp;</p></li></ul>\n\n<br>"}], "value": "Affected Product\u00a0\n\n\u00a0\n\n\u00a0\n\nFirst Known in firmware Revision\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in Firmware Revision\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5380 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011 <\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n * v33.015 and later for versions 33\n\n\n\n\n\u00a0\n\n\u00a0\n\n * v34.011 and later\n\n\n\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompact GuardLogix\u00ae 5380 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5480 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nControlLogix 5580 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nGuardLogix 5580 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n1756-EN4TR\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv3.002\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n * 4.001 and later\n\n\n\n\n\u00a0\n\n\u00a0\n\n\n\n\nMitigations and Workarounds \n\nCustomers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. \n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"}], "source": {"advisory": "SD1706", "discovery": "EXTERNAL"}, "title": "Logix Controllers Vulnerable to Denial-of-Service Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "rockwellautomation", "product": "compactlogix_5380_firmware", "cpes": ["cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "33.011", "status": "affected", "lessThan": "33.015", "versionType": "custom"}]}, {"vendor": "rockwellautomation", "product": "compact_guardlogix_5380_firmware", "cpes": ["cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "33.011", "status": "affected", "lessThan": "33.015", "versionType": "custom"}]}, {"vendor": "rockwellautomation", "product": "compactlogix_5480_firmware", "cpes": ["cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "33.011", "status": "affected", "lessThan": "33.015", "versionType": "custom"}]}, {"vendor": "rockwellautomation", "product": "guardlogix_5580_firmware", "cpes": ["cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "33.001", "status": "affected", "lessThan": "33.015", "versionType": "custom"}]}, {"vendor": "rockwellautomation", "product": "1756-en4tr_firmware", "cpes": ["cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:3.002:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.002", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T17:29:59.695076Z", "id": "CVE-2024-8626", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T17:36:25.719Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8626", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-08T17:29:59.695076Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:*:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "compactlogix_5380_firmware", "versions": [{"status": "affected", "version": "33.011", "lessThan": "33.015", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:*:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "compact_guardlogix_5380_firmware", "versions": [{"status": "affected", "version": "33.011", "lessThan": "33.015", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:*:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "compactlogix_5480_firmware", "versions": [{"status": "affected", "version": "33.011", "lessThan": "33.015", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:*:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "guardlogix_5580_firmware", "versions": [{"status": "affected", "version": "33.001", "lessThan": "33.015", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:3.002:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "1756-en4tr_firmware", "versions": [{"status": "affected", "version": "3.002"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T17:35:58.753Z"}}], "cna": {"title": "Logix Controllers Vulnerable to Denial-of-Service Vulnerability", "source": {"advisory": "SD1706", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-124", "descriptions": [{"lang": "en", "value": "CAPEC-124 Shared Resource Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "CompactLogix 5380 controllers", "versions": [{"status": "affected", "version": "v33.011 <"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "Compact GuardLogix\u00ae 5380 controllers", "versions": [{"status": "affected", "version": "v33.011<"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "CompactLogix 5480 controllers", "versions": [{"status": "affected", "version": "v33.011<"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "GuardLogix 5580 controllers", "versions": [{"status": "affected", "version": "v33.011<"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN4TR", "versions": [{"status": "affected", "version": "v3.002"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Affected Product\u00a0\n\n\u00a0\n\n\u00a0\n\nFirst Known in firmware Revision\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in Firmware Revision\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5380 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011 <\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n * v33.015 and later for versions 33\n\n\n\n\n\u00a0\n\n\u00a0\n\n * v34.011 and later\n\n\n\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompact GuardLogix\u00ae 5380 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5480 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nControlLogix 5580 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nGuardLogix 5580 controllers\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.011<\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n1756-EN4TR\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv3.002\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n * 4.001 and later\n\n\n\n\n\u00a0\n\n\u00a0\n\n\n\n\nMitigations and Workarounds \n\nCustomers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. \n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight", "supportingMedia": [{"type": "text/html", "value": "<table><tbody><tr><td><p><br>Affected Product&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>First Known in firmware Revision</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Corrected in Firmware Revision</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5380 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011 &lt;</p><p>&nbsp;</p><p>&nbsp;</p></td><td rowspan=\"5\"><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>v33.015 and later for versions 33</p></li></ul><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>v34.011 and later</p></li></ul><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Compact GuardLogix\u00ae 5380 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5480 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>ControlLogix 5580 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>GuardLogix 5580 controllers</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.011&lt;</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>1756-EN4TR</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v3.002</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><ul><li><p>4.001 and later</p></li></ul><p>&nbsp;</p><p>&nbsp;</p></td></tr></tbody></table><br>\n\n<p>Mitigations and Workarounds </p><p>Customers using the affected versions are encouraged to upgrade to corrected firmware versions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability. </p><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a>&nbsp;</p></li></ul>\n\n<br>", "base64": false}]}], "datePublic": "2024-10-08T16:24:00.000Z", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. </span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-10-08T16:35:04.513Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8626", "state": "PUBLISHED", "dateUpdated": "2024-10-08T17:36:25.719Z", "dateReserved": "2024-09-09T20:33:30.575Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2024-10-08T16:35:04.513Z", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover."}, {"lang": "es", "value": "Debido a una fuga de memoria, existe una vulnerabilidad de denegaci\u00f3n de servicio en los productos afectados de Rockwell Automation. Un agente malintencionado podr\u00eda aprovechar esta vulnerabilidad realizando m\u00faltiples acciones en determinadas p\u00e1ginas web del producto, lo que provocar\u00eda que los productos afectados dejaran de estar disponibles por completo y fuera necesario apagar y encender para recuperarse."}], "id": "CVE-2024-8626", "lastModified": "2024-10-10T12:56:30.817", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "NONE"}, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2024-10-08T17:15:56.240", "references": [{"source": "PSIRT@rockwellautomation.com", "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}

{}