CVE-2025-24478 - Vulnerability Details - OpenCVE

A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1718.html

History

Thu, 06 Feb 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 30 Jan 2025 21:15:00 +0000

Type	Values Removed	Values Added
Title		5380/5580 Denial-of-Service Vulnerability

Tue, 28 Jan 2025 19:00:00 +0000

Type	Values Removed	Values Added
Description		A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service.
Weaknesses		CWE-755
References		https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1718.html
Metrics		cvssV4_0 `{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2025-01-28T18:41:30.887Z

Updated: 2025-02-06T21:25:38.074Z

Reserved: 2025-01-21T21:21:03.342Z

Link: CVE-2025-24478

Vulnrichment

Updated: 2025-01-28T18:59:09.952Z

NVD

Status : Received

Published: 2025-01-28T19:15:14.777

Modified: 2025-01-28T19:15:14.777

Link: CVE-2025-24478

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24478", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2025-01-21T21:21:03.342Z", "datePublished": "2025-01-28T18:41:30.887Z", "dateUpdated": "2025-02-06T21:25:38.074Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GuardLogix 5580 SIL 3", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "33.011"}, {"status": "affected", "version": "33.012"}, {"status": "affected", "version": "33.015"}, {"status": "affected", "version": "34.011"}, {"status": "affected", "version": "35.011"}]}, {"defaultStatus": "unaffected", "product": "Compact GuardLogix 5380 SIL 3", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "33.011"}, {"status": "affected", "version": "33.012"}, {"status": "affected", "version": "33.015"}, {"status": "affected", "version": "34.011"}, {"status": "affected", "version": "35.011"}]}], "datePublic": "2025-01-28T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service.</span>"}], "value": "A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service."}], "impacts": [{"capecId": "CAPEC-18", "descriptions": [{"lang": "en", "value": "CAPEC-18: Malformed Data"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2025-01-30T21:06:20.100Z"}, "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1718.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the following versions: </span><span style=\"background-color: rgb(255, 255, 255);\"> </span><span style=\"background-color: rgb(255, 255, 255);\">V33.017, V34.014, V35.013, V36.011, and later.</span><br>"}], "value": "Upgrade to the following versions: \u00a0V33.017, V34.014, V35.013, V36.011, and later."}], "source": {"discovery": "INTERNAL"}, "title": "5380/5580 Denial-of-Service Vulnerability", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Restrict Access to the task object via CIP Security and Hard Run.</span><br>"}], "value": "Restrict Access to the task object via CIP Security and Hard Run."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-28T18:59:27.317342Z", "id": "CVE-2025-24478", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-06T21:25:38.074Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24478", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-28T18:59:27.317342Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-28T18:59:09.952Z"}}], "cna": {"title": "5380/5580 Denial-of-Service Vulnerability", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-18", "descriptions": [{"lang": "en", "value": "CAPEC-18: Malformed Data"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rockwell Automation", "product": "GuardLogix 5580 SIL 3", "versions": [{"status": "affected", "version": "33.011"}, {"status": "affected", "version": "33.012"}, {"status": "affected", "version": "33.015"}, {"status": "affected", "version": "34.011"}, {"status": "affected", "version": "35.011"}], "defaultStatus": "unaffected"}, {"vendor": "Rockwell Automation", "product": "Compact GuardLogix 5380 SIL 3", "versions": [{"status": "affected", "version": "33.011"}, {"status": "affected", "version": "33.012"}, {"status": "affected", "version": "33.015"}, {"status": "affected", "version": "34.011"}, {"status": "affected", "version": "35.011"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to the following versions: \u00a0V33.017, V34.014, V35.013, V36.011, and later.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the following versions: </span><span style=\"background-color: rgb(255, 255, 255);\"> </span><span style=\"background-color: rgb(255, 255, 255);\">V33.017, V34.014, V35.013, V36.011, and later.</span><br>", "base64": false}]}], "datePublic": "2025-01-28T14:00:00.000Z", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1718.html"}], "workarounds": [{"lang": "en", "value": "Restrict Access to the task object via CIP Security and Hard Run.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Restrict Access to the task object via CIP Security and Hard Run.</span><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2025-01-30T21:06:20.100Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24478", "state": "PUBLISHED", "dateUpdated": "2025-02-06T21:25:38.074Z", "dateReserved": "2025-01-21T21:21:03.342Z", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "datePublished": "2025-01-28T18:41:30.887Z", "assignerShortName": "Rockwell"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service."}], "id": "CVE-2025-24478", "lastModified": "2025-01-28T19:15:14.777", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2025-01-28T19:15:14.777", "references": [{"source": "PSIRT@rockwellautomation.com", "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1718.html"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}