CVE-2024-3493

moderate-risk
Published 2024-04-15

A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10 High
NETWORK / LOW complexity

Affected Products (8)

Controllogix 5580 Firmware
Guardlogix 5580 Firmware
Compactlogix 5380 Firmware
Compact Guardlogix 5380 Firmware
1756-En4Tr Firmware
Controllogix 5580 Process Firmware
Compactlogix 5380 Process Firmware
Compactlogix 5480 Firmware

Affected Vendors

Rockwellautomation

References (2)

Broken Link https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html
Broken Link https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html
43
/ 100
moderate-risk
Severity 29/34 · Critical
Exploitability 0/34 · Minimal
Exposure 14/34 · Moderate