CVE-2024-5659 - Vulnerability Details - OpenCVE

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2024-06-14T16:42:20.699Z

Updated: 2024-08-01T21:18:06.865Z

Reserved: 2024-06-05T16:47:18.275Z

Link: CVE-2024-5659

Vulnrichment

Updated: 2024-08-01T21:18:06.865Z

NVD

Status : Awaiting Analysis

Published: 2024-06-14T17:15:51.600

Modified: 2024-11-21T09:48:06.543

Link: CVE-2024-5659

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5659", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2024-06-05T16:47:18.275Z", "datePublished": "2024-06-14T16:42:20.699Z", "dateUpdated": "2024-08-01T21:18:06.865Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ControlLogix\u00ae 5580", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "34.011"}]}, {"defaultStatus": "unaffected", "product": "GuardLogix 5580", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "34.011"}]}, {"defaultStatus": "unaffected", "product": "1756-EN4", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "4.001"}]}, {"defaultStatus": "unaffected", "product": "CompactLogix 5380", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "34.011"}]}, {"defaultStatus": "unaffected", "product": "Compact GuardLogix 5380", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "34.011"}]}, {"defaultStatus": "unaffected", "product": "CompactLogix 5480", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "34.011"}]}], "datePublic": "2024-06-13T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending </span><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">abnormal packets to the </a><a target=\"_blank\" rel=\"nofollow\">mDNS port. </a><span style=\"background-color: rgb(255, 255, 255);\">If exploited, the availability of the device would be compromised.</span>\n\n"}], "value": "Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port.\u00a0If exploited, the availability of the device would be compromised."}], "impacts": [{"capecId": "CAPEC-624", "descriptions": [{"lang": "en", "value": "CAPEC-624 Hardware Fault Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.3, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-670", "description": "CWE-670 Always-Incorrect Control Flow Implementation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-06-14T16:42:20.699Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<table><tbody><tr><td><p>Affected Product</p></td><td><p>First Known in firmware revision</p></td><td><p>Corrected in firmware revision</p></td></tr><tr><td><p>ControlLogix\u00ae 5580</p></td><td><p>V34.011</p></td><td><p>V34.014, V35.013, V36.011 and later</p></td></tr><tr><td><p>GuardLogix 5580</p></td><td><p>V34.011</p></td><td><p>V34.014, V35.013, V36.011 and later </p></td></tr><tr><td><p>1756-EN4</p></td><td><p>V4.001</p></td><td><p>V6.001 and later</p></td></tr><tr><td><p>CompactLogix 5380</p></td><td><p>V34.011</p></td><td><p>V34.014, V35.013, V36.011 and later </p></td></tr><tr><td><p><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">Compact GuardLogix </a><b> </b>5380</p></td><td><p>V34.011</p></td><td><p>V34.014, V35.013, V36.011 and later </p></td></tr><tr><td><p>CompactLogix 5480</p></td><td><p>V34.011</p></td><td><p>V34.014, V35.013, V36.011 and later</p></td></tr></tbody></table><br>\n\n<p><b>Mitigations and Workarounds</b></p><p>Users using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply the risk mitigations, where possible.</p><p>\u00b7       Users who do not use <a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">Automatic Policy Deployment (APD)</a> should block <a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">mDNS port, 5353</a> to help prevent communication.</p><p>\u00b7       Enable CIP <a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">Security. </a><a target=\"_blank\" rel=\"nofollow\" href=\"https://literature.rockwellautomation.com/idc/groups/literature/documents/at/secure-at001_-en-p.pdf\">CIP Security with Rockwell Automation Products Application Technique</a></p><p>\u00b7       <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></p>\n\n<br>"}], "value": "Affected Product\n\nFirst Known in firmware revision\n\nCorrected in firmware revision\n\nControlLogix\u00ae 5580\n\nV34.011\n\nV34.014, V35.013, V36.011 and later\n\nGuardLogix 5580\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\n1756-EN4\n\nV4.001\n\nV6.001 and later\n\nCompactLogix 5380\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\nCompact GuardLogix \u00a05380\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\nCompactLogix 5480\n\nV34.011\n\nV34.014, V35.013, V36.011 and later\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply the risk mitigations, where possible.\n\n\u00b7 \u00a0 \u00a0 \u00a0 Users who do not use CIP Security with Rockwell Automation Products Application Technique https://literature.rockwellautomation.com/idc/groups/literature/documents/at/secure-at001_-en-p.pdf \n\n\u00b7 \u00a0 \u00a0 \u00a0 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"}], "source": {"discovery": "EXTERNAL"}, "title": "Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "rockwellautomation", "product": "controllogix_5580", "cpes": ["cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "34.011", "status": "affected"}]}, {"vendor": "rockwellautomation", "product": "guardlogix_5580", "cpes": ["cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "34.011", "status": "affected"}]}, {"vendor": "rockwellautomation", "product": "1756_en4", "cpes": ["cpe:2.3:a:rockwellautomation:1756_en4:0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.001", "status": "affected"}]}, {"vendor": "rockwellautomation", "product": "compact_logix_5480", "cpes": ["cpe:2.3:a:rockwellautomation:compact_logix_5480:34.011:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "34.011", "status": "affected"}]}, {"vendor": "rockwellautomation", "product": "compact_guardlogix_5480", "cpes": ["cpe:2.3:a:rockwellautomation:compact_guardlogix_5480:34.011:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "34.011", "status": "affected"}]}, {"vendor": "rockwellautomation", "product": "compactlogix", "cpes": ["cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5480", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-15T19:57:53.882617Z", "id": "CVE-2024-5659", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-15T20:23:20.243Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.865Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.865Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5659", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-15T19:57:53.882617Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:rockwellautomation:controllogix_5580:-:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "controllogix_5580", "versions": [{"status": "affected", "version": "34.011"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:rockwellautomation:guardlogix_5580:-:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "guardlogix_5580", "versions": [{"status": "affected", "version": "34.011"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:rockwellautomation:1756_en4:0:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "1756_en4", "versions": [{"status": "affected", "version": "4.001"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:rockwellautomation:compact_logix_5480:34.011:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "compact_logix_5480", "versions": [{"status": "affected", "version": "34.011"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:rockwellautomation:compact_guardlogix_5480:34.011:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "compact_guardlogix_5480", "versions": [{"status": "affected", "version": "34.011"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*"], "vendor": "rockwellautomation", "product": "compactlogix", "versions": [{"status": "affected", "version": "5480"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-15T20:01:15.688Z"}}], "cna": {"title": "Rockwell Automation Multicast Request Causes major nonrecoverable fault on Select Controllers", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-624", "descriptions": [{"lang": "en", "value": "CAPEC-624 Hardware Fault Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.3, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "ControlLogix\u00ae 5580", "versions": [{"status": "affected", "version": "34.011"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "GuardLogix 5580", "versions": [{"status": "affected", "version": "34.011"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "1756-EN4", "versions": [{"status": "affected", "version": "4.001"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "CompactLogix 5380", "versions": [{"status": "affected", "version": "34.011"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "Compact GuardLogix 5380", "versions": [{"status": "affected", "version": "34.011"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "CompactLogix 5480", "versions": [{"status": "affected", "version": "34.011"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Affected Product\n\nFirst Known in firmware revision\n\nCorrected in firmware revision\n\nControlLogix\u00ae 5580\n\nV34.011\n\nV34.014, V35.013, V36.011 and later\n\nGuardLogix 5580\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\n1756-EN4\n\nV4.001\n\nV6.001 and later\n\nCompactLogix 5380\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\nCompact GuardLogix \u00a05380\n\nV34.011\n\nV34.014, V35.013, V36.011 and later \n\nCompactLogix 5480\n\nV34.011\n\nV34.014, V35.013, V36.011 and later\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply the risk mitigations, where possible.\n\n\u00b7 \u00a0 \u00a0 \u00a0 Users who do not use CIP Security with Rockwell Automation Products Application Technique https://literature.rockwellautomation.com/idc/groups/literature/documents/at/secure-at001_-en-p.pdf \n\n\u00b7 \u00a0 \u00a0 \u00a0 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight", "supportingMedia": [{"type": "text/html", "value": "\n\n<table><tbody><tr><td><p>Affected Product</p></td><td><p>First Known in firmware revision</p></td><td><p>Corrected in firmware revision</p></td></tr><tr><td><p>ControlLogix\u00ae 5580</p></td><td><p>V34.011</p></td><td><p>V34.014, V35.013, V36.011 and later</p></td></tr><tr><td><p>GuardLogix 5580</p></td><td><p>V34.011</p></td><td><p>V34.014, V35.013, V36.011 and later </p></td></tr><tr><td><p>1756-EN4</p></td><td><p>V4.001</p></td><td><p>V6.001 and later</p></td></tr><tr><td><p>CompactLogix 5380</p></td><td><p>V34.011</p></td><td><p>V34.014, V35.013, V36.011 and later </p></td></tr><tr><td><p><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">Compact GuardLogix </a><b> </b>5380</p></td><td><p>V34.011</p></td><td><p>V34.014, V35.013, V36.011 and later </p></td></tr><tr><td><p>CompactLogix 5480</p></td><td><p>V34.011</p></td><td><p>V34.014, V35.013, V36.011 and later</p></td></tr></tbody></table><br>\n\n<p><b>Mitigations and Workarounds</b></p><p>Users using the affected software and who are not able to upgrade to one of the corrected versions are encouraged to apply the risk mitigations, where possible.</p><p>\u00b7       Users who do not use <a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">Automatic Policy Deployment (APD)</a> should block <a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">mDNS port, 5353</a> to help prevent communication.</p><p>\u00b7       Enable CIP <a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">Security. </a><a target=\"_blank\" rel=\"nofollow\" href=\"https://literature.rockwellautomation.com/idc/groups/literature/documents/at/secure-at001_-en-p.pdf\">CIP Security with Rockwell Automation Products Application Technique</a></p><p>\u00b7       <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></p>\n\n<br>", "base64": false}]}], "datePublic": "2024-06-13T13:00:00.000Z", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port.\u00a0If exploited, the availability of the device would be compromised.", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending </span><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\"></a><a target=\"_blank\" rel=\"nofollow\">abnormal packets to the </a><a target=\"_blank\" rel=\"nofollow\">mDNS port. </a><span style=\"background-color: rgb(255, 255, 255);\">If exploited, the availability of the device would be compromised.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-670", "description": "CWE-670 Always-Incorrect Control Flow Implementation"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2024-06-14T16:42:20.699Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5659", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:18:06.865Z", "dateReserved": "2024-06-05T16:47:18.275Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2024-06-14T16:42:20.699Z", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port.\u00a0If exploited, the availability of the device would be compromised."}, {"lang": "es", "value": "Rockwell Automation fue informado de una vulnerabilidad que hace que todos los controladores afectados en la misma red produzcan una falla importante no recuperable (MNRF/Assert). Esta vulnerabilidad podr\u00eda explotarse enviando paquetes anormales al puerto mDNS. Si se explota, la disponibilidad del dispositivo se ver\u00eda comprometida."}], "id": "CVE-2024-5659", "lastModified": "2024-11-21T09:48:06.543", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2024-06-14T17:15:51.600", "references": [{"source": "PSIRT@rockwellautomation.com", "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1673.html"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-670"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}