Description
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.
CVSS breakdown
CVSS 4.0
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Confidentiality (Vulnerable System)
None
Integrity (Vulnerable System)
None
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
High
Affected products
- Rockwell Automation / 1756-EN44.001 – 4.001
- Rockwell Automation / Compact GuardLogix 538034.011 – 34.011
- Rockwell Automation / CompactLogix 538034.011 – 34.011
- Rockwell Automation / CompactLogix® 548034.011 – 34.011
- Rockwell Automation / ControlLogix® 558034.011 – 34.011
- Rockwell Automation / GuardLogix 558034.011 – 34.011