PatchSiren cyber security CVE debrief
CVE-2024-3493 Rockwell Automation CVE debrief
CVE-2024-3493 is a high-severity vulnerability (CVSS 8.6) affecting multiple Rockwell Automation industrial control system products. A specific malformed fragmented packet can trigger a major nonrecoverable fault (MNRF), causing affected devices to become unavailable until manually restarted. This condition may result in loss of view and/or control of connected industrial devices. The vulnerability was initially disclosed on April 16, 2024, with an advisory update (Update A) published on May 9, 2024, that expanded affected products and mitigations. Rockwell Automation has released firmware updates addressing this issue; affected organizations should prioritize patching ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, 1756-EN4TR, Compact GuardLogix 5380, ControlLogix 5580 Process, CompactLogix 5380 Process, and CompactLogix 5480 systems. Given the network-accessible attack vector and potential for operational technology disruption, organizations should apply network segmentation controls for industrial control systems until patches can be deployed.
- Vendor: Rockwell Automation
- Product: ControlLogix 5580
- CVSS: HIGH 8.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-16
- Original CVE updated: 2024-05-09
- Advisory published: 2024-04-16
- Advisory updated: 2024-05-09
Who should care
Organizations operating Rockwell Automation industrial control systems, particularly in manufacturing, critical infrastructure, and process control environments. Security teams responsible for OT/ICS asset management, network engineers managing industrial Ethernet networks, and operational technology personnel maintaining ControlLogix, GuardLogix, or CompactLogix systems should prioritize assessment and patching.
Technical summary
A malformed fragmented packet vulnerability in Rockwell Automation ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, 1756-EN4TR, Compact GuardLogix 5380, ControlLogix 5580 Process, CompactLogix 5380 Process, and CompactLogix 5480 can cause a major nonrecoverable fault (MNRF). The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H indicates network-based exploitation with low attack complexity, no required privileges or user interaction, and changed scope, resulting in high availability impact. Successful exploitation renders the device unavailable until manual restart and may cause loss of view/control of connected devices. Firmware updates are available to remediate this vulnerability.
Defensive priority
high
Recommended defensive actions
- Apply vendor firmware updates to affected Rockwell Automation products: ControlLogix 5580 to V35.013 or V36.011; GuardLogix 5580 to V35.013 or V36.011; CompactLogix 5380 to V35.013 or V36.011; 1756-EN4TR to V6.001; and V
- Implement network segmentation for industrial control system networks to limit exposure of affected devices to untrusted networks
- Monitor for unexpected device restarts or availability issues in affected Rockwell Automation systems that may indicate exploitation attempts
- Review and apply CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
- Consult Rockwell Automation's security advisory for additional product-specific guidance (login required)
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-24-107-03 and its May 9, 2024 Update A revision. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H indicates network-accessible, low-complexity attack with no privileges required. Remediation guidance specifies firmware version updates for each affected product family.
Official resources
- CVE-2024-3493 CVE record (CVE.org)
- CVE-2024-3493 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references (seven entries; link targets are not present in the extracted text)
2024-04-16