CVE-2024-6207

Improper Input Validation (CWE-20)

Published: Oct 14, 2024 / Updated: 36d ago

CVSS 8.7 (High) / EPSS 0.04%

Summary

A vulnerability exists in certain Rockwell Automation products, including ControlLogix 5580, GuardLogix, and CompactLogix controllers. This vulnerability allows an attacker to send a specially crafted CIP message to the affected device.

Impact

If exploited, this vulnerability could allow a threat actor to prevent access to legitimate users and end connections to connected devices, including workstations. This could result in a denial of service condition. The impact on availability is high, while there are no direct impacts on confidentiality or integrity.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

Information about a specific patch is not provided in the given data. However, to recover the controllers after an attack, a download is required, which ends any process that the controller is running.

Mitigation

Specific mitigation strategies are not provided in the given data. However, general best practices for industrial control systems should be followed, such as network segmentation, limiting network exposure of control devices, and implementing strong access controls. Additionally, monitoring for unusual CIP messages or unexpected disconnections could help detect potential exploitation attempts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-6207.

Oct 10, 2024 at 6:04 PM / CISA

Threat Intelligence Report

CVE-2024-6207 is a vulnerability with a CVSS v3.1 base score of 7.5 and a CVSS v4 base score of 8.7, indicating a significant level of criticality. The details provided do not specify whether it is being exploited in the wild, nor do they mention any proof-of-concept exploits, mitigations, detections, patches, or downstream impacts on third-party vendors or technology. Further investigation would be necessary to assess the full scope and implications of this vulnerability.

Oct 10, 2024 at 6:04 PM

CVE Assignment

NVD published the first details for CVE-2024-6207

Oct 14, 2024 at 9:15 PM

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 15, 2024 at 5:23 AM

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 15, 2024 at 10:16 AM

Affected Systems

Rockwellautomation/controllogix_5580_process_firmware

Patches

www.rockwellautomation.com

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

References

Rockwell Automation ControlLogix
Successful exploitation of this vulnerability could allow an attacker to send a specially crafted CIP message and cause a denial-of-service condition on the affected device. Additionally, Rockwell Automation encourages users to apply security best practices to minimize the risk of vulnerability.

News

Rockwell (CVE-2024-6207)
CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. Tenable OT Security Plugin ID 502648 with High Severity
Tenable.ot checks for NVD CVE-2024-6207
Released Last Updated: 10/21/2024 CVEs: CVE-2024-6207 Plugins: 502648
CVE-2024-6207 | Rockwell Automation ControlLogix 5580 CIP Message denial of service
A vulnerability, which was classified as critical, has been found in Rockwell Automation ControlLogix 5580, ControlLogix 5580 Process, GuardLogix 5580, CompactLogix 5380, Compact GuardLogix 5380 SIL 2, Compact GuardLogix 5380 SIL 3, CompactLogix 5480 and FactoryTalk Logix Echo. This issue affects some unknown processing of the component CIP Message Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-6207. The attack may be initiated remotely. There is no exploit available.
CVE Alert: CVE-2024-6207 - https://www.redpacketsecurity.com/cve_alert_cve-2024-6207/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_6207

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: High
