Vulnerability Details CVE-2024-3493
A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.5%
CVSS Severity
CVSS v3 Score 8.6
References
Products affected by CVE-2024-3493
-
cpe:2.3:h:rockwellautomation:1756-en4tr:-
-
cpe:2.3:h:rockwellautomation:compact_guardlogix_5380:-
-
cpe:2.3:h:rockwellautomation:compactlogix_5380:-
-
cpe:2.3:h:rockwellautomation:compactlogix_5380_process:-
-
cpe:2.3:h:rockwellautomation:compactlogix_5480:-
-
cpe:2.3:h:rockwellautomation:controllogix_5580:-
-
cpe:2.3:h:rockwellautomation:controllogix_5580_process:-
-
cpe:2.3:h:rockwellautomation:guardlogix_5580:-
-
cpe:2.3:o:rockwellautomation:1756-en4tr_firmware:5.001
-
cpe:2.3:o:rockwellautomation:compact_guardlogix_5380_firmware:35.011
-
cpe:2.3:o:rockwellautomation:compactlogix_5380_firmware:35.011
-
cpe:2.3:o:rockwellautomation:compactlogix_5380_process_firmware:35.011
-
cpe:2.3:o:rockwellautomation:compactlogix_5480_firmware:35.011
-
cpe:2.3:o:rockwellautomation:controllogix_5580_firmware:35.011
-
cpe:2.3:o:rockwellautomation:controllogix_5580_process_firmware:35.011
-
cpe:2.3:o:rockwellautomation:guardlogix_5580_firmware:35.011