Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for PLC - Micro850/870 (2080 -L50E/2080 -L70E) by Rockwell Automation

    CVE-2024-7567 (GCVE-0-2024-7567)

    Vulnerability from nvd – Published: 2024-08-13 17:51 – Updated: 2024-08-13 18:37
    VLAI
    Title
    Rockwell Automation Micro850/870 Vulnerable to denial-of-service Vulnerability via CIP/Modbus Port
    Summary
    A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation PLC - Micro850/870 (2080 -L50E/2080 -L70E) Affected: v20.011
    Create a notification for this product.
    rockwellautomation micro850_firmware Affected: 20.011 , < 22.011 (custom)
        cpe:2.3:o:rockwellautomation:micro850_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    rockwellautomation micro870_firmware Affected: 20.011 , < 22.011 (custom)
        cpe:2.3:o:rockwellautomation:micro870_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-13 17:47
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rockwellautomation:micro850_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "micro850_firmware",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThan": "22.011",
                    "status": "affected",
                    "version": "20.011",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:rockwellautomation:micro870_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "micro870_firmware",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThan": "22.011",
                    "status": "affected",
                    "version": "20.011",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7567",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T18:35:00.903567Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-13T18:37:13.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PLC - Micro850/870 (2080 -L50E/2080 -L70E)",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v20.011"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T17:47:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration.\u003c/span\u003e"
                }
              ],
              "value": "A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-124",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-124 Shared Resource Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T17:51:45.882Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1684.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpdate to the corrected version:\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev22.011 or later.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eCustomers using the affected software are encouraged to apply security best practices, if possible.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best practices\u003c/a\u003e\u0026nbsp;to minimize the risk of the vulnerability\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "*  Update to the corrected version:\u00a0\n\nv22.011 or later.\u00a0\n\n\n\n\nCustomers using the affected software are encouraged to apply security best practices, if possible.\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested  security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability"
            }
          ],
          "source": {
            "advisory": "SD1684",
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation Micro850/870 Vulnerable to denial-of-service Vulnerability via CIP/Modbus Port",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-7567",
        "datePublished": "2024-08-13T17:51:45.882Z",
        "dateReserved": "2024-08-06T17:59:43.596Z",
        "dateUpdated": "2024-08-13T18:37:13.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7567 (GCVE-0-2024-7567)

    Vulnerability from cvelistv5 – Published: 2024-08-13 17:51 – Updated: 2024-08-13 18:37
    VLAI
    Title
    Rockwell Automation Micro850/870 Vulnerable to denial-of-service Vulnerability via CIP/Modbus Port
    Summary
    A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation PLC - Micro850/870 (2080 -L50E/2080 -L70E) Affected: v20.011
    Create a notification for this product.
    rockwellautomation micro850_firmware Affected: 20.011 , < 22.011 (custom)
        cpe:2.3:o:rockwellautomation:micro850_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    rockwellautomation micro870_firmware Affected: 20.011 , < 22.011 (custom)
        cpe:2.3:o:rockwellautomation:micro870_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-13 17:47
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:rockwellautomation:micro850_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "micro850_firmware",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThan": "22.011",
                    "status": "affected",
                    "version": "20.011",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:rockwellautomation:micro870_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "micro870_firmware",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "lessThan": "22.011",
                    "status": "affected",
                    "version": "20.011",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7567",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T18:35:00.903567Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-13T18:37:13.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PLC - Micro850/870 (2080 -L50E/2080 -L70E)",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "v20.011"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T17:47:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration.\u003c/span\u003e"
                }
              ],
              "value": "A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-124",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-124 Shared Resource Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T17:51:45.882Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1684.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpdate to the corrected version:\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev22.011 or later.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eCustomers using the affected software are encouraged to apply security best practices, if possible.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best practices\u003c/a\u003e\u0026nbsp;to minimize the risk of the vulnerability\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "*  Update to the corrected version:\u00a0\n\nv22.011 or later.\u00a0\n\n\n\n\nCustomers using the affected software are encouraged to apply security best practices, if possible.\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested  security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability"
            }
          ],
          "source": {
            "advisory": "SD1684",
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation Micro850/870 Vulnerable to denial-of-service Vulnerability via CIP/Modbus Port",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-7567",
        "datePublished": "2024-08-13T17:51:45.882Z",
        "dateReserved": "2024-08-06T17:59:43.596Z",
        "dateUpdated": "2024-08-13T18:37:13.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }