Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Compactlogix_5480_firmware
(Rockwellautomation)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 11 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-04-15 | CVE-2024-3493 | A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. | 1756\-En4tr_firmware, Compact_guardlogix_5380_firmware, Compactlogix_5380_firmware, Compactlogix_5380_process_firmware, Compactlogix_5480_firmware, Controllogix_5580_firmware, Controllogix_5580_process_firmware, Guardlogix_5580_firmware | 7.5 | ||
| 2024-08-14 | CVE-2024-7507 | CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller. | Compact_guardlogix_5380_sil_2_firmware, Compact_guardlogix_5380_sil_3_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5580_firmware, Guardlogix_5580_firmware | 6.5 | ||
| 2024-08-14 | CVE-2024-7515 | CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller. | Compact_guardlogix_5380_sil_2_firmware, Compact_guardlogix_5380_sil_3_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5580_firmware, Guardlogix_5580_firmware | 7.5 | ||
| 2024-06-14 | CVE-2024-5659 | Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised. | 1756\-En4_firmware, Compact_guardlogix_5380_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5580_firmware, Guardlogix_5580_firmware | 6.5 | ||
| 2024-10-08 | CVE-2024-8626 | Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. | 1756\-En4tr_firmware, Compact_guardlogix_5380_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5580_firmware, Guardlogix_5580_firmware | 7.5 | ||
| 2022-04-01 | CVE-2022-1159 | Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | Compact_guardlogix_5380_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5580_firmware, Guardlogix_5580_firmware | 7.2 | ||
| 2022-04-11 | CVE-2022-1161 | An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other. | Compact_guardlogix_5370_firmware, Compact_guardlogix_5380_firmware, Compactlogix_1768\-L43_firmware, Compactlogix_1768\-L45_firmware, Compactlogix_1769\-L31_firmware, Compactlogix_1769\-L32c_firmware, Compactlogix_1769\-L32e_firmware, Compactlogix_1769\-L35cr_firmware, Compactlogix_1769\-L35e_firmware, Compactlogix_5370_l1_firmware, Compactlogix_5370_l2_firmware, Compactlogix_5370_l3_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5550_firmware, Controllogix_5560_firmware, Controllogix_5570_firmware, Controllogix_5580_firmware, Drivelogix_5730_firmware, Flexlogix_1794\-L34_firmware, Guardlogix_5560_firmware, Guardlogix_5570_firmware, Guardlogix_5580_firmware, Softlogix_5800_firmware | 9.8 | ||
| 2022-06-02 | CVE-2022-1797 | A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online. | Compact_guardlogix_5370_firmware, Compact_guardlogix_5380_firmware, Compactlogix_5370_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5570_firmware, Controllogix_5580_firmware, Guardlogix_5570_firmware, Guardlogix_5580_firmware | 8.6 | ||
| 2022-12-19 | CVE-2022-3752 | An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation. | Compact_guardlogix_5380_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Compactlogix_5580_firmware, Guardlogix_5580_firmware | 7.5 | ||
| 2024-10-14 | CVE-2024-6207 | CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running. | Compact_guardlogix_5380_sil_2_firmware, Compact_guardlogix_5380_sil_3_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5580_firmware, Controllogix_5580_process_firmware, Factorytalk_logix_echo_firmware, Guardlogix_5580_firmware | 7.5 |