Description
A memory leak causes a denial-of-service vulnerability in the affected Rockwell Automation products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product, causing the affected products to become fully unavailable and require a power cycle to recover.
CVSS breakdown
CVSS 4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Confidentiality (Vulnerable System): High
- Integrity (Vulnerable System): None
- Availability (Vulnerable System): None
- Confidentiality (Subsequent System): None
- Integrity (Subsequent System): None
- Availability (Subsequent System): None
Affected products
- Rockwell Automation / 1756-EN4TR – v3.002
- Rockwell Automation / Compact GuardLogix® 5380 controllers – v33.011<
- Rockwell Automation / CompactLogix 5380 controllers – v33.011 <
- Rockwell Automation / CompactLogix 5480 controllers – v33.011<
- Rockwell Automation / GuardLogix 5580 controllers – v33.011<