CVE-2024-6207

CVE Database · CVE-2024-6207

CVE-2024-6207

· HIGHAnalyzed

CVSS v3.1

7.5

CVSS v4.0

8.7

EPSS

0.52%

Published

Oct 14, 2024

Modified

Oct 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-20

Affected Products (31)

rockwellautomation · controllogix_5580_firmware (up to 33.017)vulnerable

rockwellautomation · controllogix_5580_firmware (up to 34.014)vulnerable

rockwellautomation · controllogix_5580_firmware (up to 35.013)vulnerable

rockwellautomation · controllogix_5580

rockwellautomation · controllogix_5580_process_firmware (up to 33.017)vulnerable

rockwellautomation · controllogix_5580_process_firmware (up to 34.014)vulnerable

rockwellautomation · controllogix_5580_process_firmware (up to 35.013)vulnerable

rockwellautomation · controllogix_5580_process

References (1)

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1707.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs

rockwellautomation · guardlogix_5580_firmware (up to 33.017)

rockwellautomation · guardlogix_5580_firmware (up to 34.014)vulnerable

rockwellautomation · guardlogix_5580_firmware (up to 35.013)vulnerable

rockwellautomation · guardlogix_5580

rockwellautomation · compactlogix_5380_firmware (up to 33.017)vulnerable

rockwellautomation · compactlogix_5380_firmware (up to 34.014)vulnerable

rockwellautomation · compactlogix_5380_firmware (up to 35.013)vulnerable

rockwellautomation · compactlogix_5380

rockwellautomation · compact_guardlogix_5380_sil_2_firmware (up to 33.017)vulnerable

rockwellautomation · compact_guardlogix_5380_sil_2_firmware (up to 34.014)vulnerable

rockwellautomation · compact_guardlogix_5380_sil_2_firmware (up to 35.013)vulnerable

rockwellautomation · compact_guardlogix_5380_sil_2

rockwellautomation · compact_guardlogix_5380_sil_3_firmware (up to 33.017)vulnerable

rockwellautomation · compact_guardlogix_5380_sil_3_firmware (up to 34.014)vulnerable

rockwellautomation · compact_guardlogix_5380_sil_3_firmware (up to 35.013)vulnerable

rockwellautomation · compact_guardlogix_5380_sil_3

rockwellautomation · compactlogix_5480_firmware (up to 33.017)vulnerable

rockwellautomation · compactlogix_5480_firmware (up to 34.014)vulnerable

rockwellautomation · compactlogix_5480_firmware (up to 35.013)vulnerable

rockwellautomation · compactlogix_5480

rockwellautomation · factorytalk_logix_echo_firmware (up to 34.014)vulnerable

rockwellautomation · factorytalk_logix_echo_firmware (up to 35.013)vulnerable

rockwellautomation · factorytalk_logix_echo