CVE-2024-3493

HIGH

Rockwellautomation Controllogix 5580 ... - Improper Input Validation

Title source: rule

Description

A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.

References (1)

Core 1

Core References

Broken Link

https://www.rockwellautomation.com/en-us/support/advisory.SD1666.html

Scores

CVSS v3 8.6

EPSS 0.0005

EPSS Percentile 14.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (8)

rockwellautomation/1756-en4tr_firmware 5.001

rockwellautomation/compact_guardlogix_5380_firmware 35.011

rockwellautomation/compactlogix_5380_firmware 35.011

rockwellautomation/compactlogix_5380_process_firmware 35.011

rockwellautomation/compactlogix_5480_firmware 35.011

rockwellautomation/controllogix_5580_firmware 35.011

rockwellautomation/controllogix_5580_process_firmware 35.011

rockwellautomation/guardlogix_5580_firmware 35.011

Published Apr 15, 2024

Tracked Since Feb 18, 2026