Vulnerability Description
Due to a memory leak, a denial-of-service vulnerability exists in the affected Rockwell Automation products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product, causing the affected products to become fully unavailable and require a power cycle to recover.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwell Automation | CompactLogix 5380 Firmware | >= 33.011, < 33.015 |
| Rockwell Automation | CompactLogix 5380 | - |
| Rockwell Automation | Compact GuardLogix 5380 Firmware | >= 33.011, < 33.015 |
| Rockwell Automation | Compact GuardLogix 5380 | - |
| Rockwell Automation | CompactLogix 5480 Firmware | >= 33.011, < 33.015 |
| Rockwell Automation | CompactLogix 5480 | - |
| Rockwell Automation | ControlLogix 5580 Firmware | >= 33.011, < 33.015 |
| Rockwell Automation | ControlLogix 5580 | - |
| Rockwell Automation | GuardLogix 5580 Firmware | >= 33.011, < 33.015 |
| Rockwell Automation | GuardLogix 5580 | - |
| Rockwell Automation | 1756-EN4TR Firmware | 3.002 |
| Rockwell Automation | 1756-EN4TR | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-8626?
CVE-2024-8626 is a vulnerability with a CVSS score of 7.5 (HIGH). Due to a memory leak, a denial-of-service vulnerability exists in the affected Rockwell Automation products. A malicious actor could exploit this vulnerability by performing multiple actions on certai...
How severe is CVE-2024-8626?
CVE-2024-8626 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-8626?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwell Automation CompactLogix 5380 Firmware, Rockwell Automation CompactLogix 5380, Rockwell Automation Compact GuardLogix 5380 Firmware, Rockwell Automation Compact GuardLogix 5380, Rockwell Automation CompactLogix 5480 Firmware.