{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-6077",
        "ASSIGNER": "PSIRT@rockwellautomation.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-20 Improper Input Validation",
                        "cweId": "CWE-20"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Rockwell Automation",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "CompactLogix 5380",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "v.32 .011"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "CompactLogix 5380 Process",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "v.33.011"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "Compact GuardLogix 5380 SIL 2",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "v.32.013"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "Compact GuardLogix 5380 SIL 3",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "v.32.011"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "CompactLogix 5480",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "v.32.011"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "ControlLogix\u00ae 5580",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "v.32.011"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "ControlLogix\u00ae 5580 Process",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "v.33.011"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "GuardLogix 5580",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "v.32.011"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "1756-EN4",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "v2.001"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1963.html",
                "refsource": "MISC",
                "name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1963.html"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "advisory": "SD1963",
        "discovery": "INTERNAL"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<table><tbody><tr><td><p>Affected Family </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>First Known in Software/Firmware Version</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Corrected in Software/Firmware Version</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5380</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32 .011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5380 Process </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.33.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Compact GuardLogix 5380 SIL 2 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.013</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Compact GuardLogix 5380 SIL 3 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5480 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>ControlLogix\u00ae 5580 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>ControlLogix\u00ae 5580 Process </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.33.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>GuardLogix 5580 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>1756-EN4</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v2.001</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v6.001 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr></tbody></table><p>&nbsp;</p>\n\n\n\n<p>Mitigations and Workarounds <br>Customers who are unable to upgrade to the corrected software versions are encouraged to apply the following risk mitigations. </p><ul><li><p>Users who do not wish to use CIP security can disable the feature per device. See \"Disable CIP Security\" in Chapter 2 of \"CIP Security with Rockwell Automation Products\" (publication SECURE-AT001)</p></li></ul><p>For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">security best practices</a>&nbsp;to minimize the risk of the vulnerability. Customers can use <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc\">Stakeholder-Specific Vulnerability Categorization</a>&nbsp;to generate more environment-specific prioritization.</p>\n\n<br>"
                }
            ],
            "value": "Affected Family \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nFirst Known in Software/Firmware Version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in Software/Firmware Version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5380\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32 .011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5380 Process \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.33.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompact GuardLogix 5380 SIL 2 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.013\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompact GuardLogix 5380 SIL 3 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5480 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nControlLogix\u00ae 5580 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nControlLogix\u00ae 5580 Process \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.33.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nGuardLogix 5580 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n1756-EN4\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv2.001\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv6.001 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\n\n\n\nMitigations and Workarounds \nCustomers who are unable to upgrade to the corrected software versions are encouraged to apply the following risk mitigations. \n\n  *  Users who do not wish to use CIP security can disable the feature per device. See \"Disable CIP Security\" in Chapter 2 of \"CIP Security with Rockwell Automation Products\" (publication SECURE-AT001)\n\n\n\n\nFor information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested  security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability. Customers can use  Stakeholder-Specific Vulnerability Categorization https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc \u00a0to generate more environment-specific prioritization."
        }
    ]
}