CVE-2024-3493

Rockwell Automation ControlLogix and GuardLogix Vulnerable to Major Nonrecoverable Fault Due to Invalid Header Value

Description

A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) in Rockwell Automation's ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the affected product becomes unavailable and requires a manual restart to recover. Additionally, an MNRF could result in a loss of view and/or control of connected devices.

Remediation

Solution:

  Affected Product      First Known in Firmware Revision    Corrected in Firmware Revision
  ControlLogix® 5580    V35.011                             V35.013, V36.011
  GuardLogix 5580       V35.011                             V35.013, V36.011
  CompactLogix 5380     V35.011                             V35.013, V36.011
  1756-EN4TR            V5.001                              V6.001

Users running an affected firmware revision who are not able to upgrade to one of the corrected revisions are encouraged to apply security best practices, where possible.

  • Security Best Practices: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight

Scoring

CVSS 3.1 base score: 8.6
Severity: High
EPSS: 0.11%

Affected: Rockwell Automation ControlLogix 5580
Affected: Rockwell Automation GuardLogix 5580
Affected: Rockwell Automation CompactLogix 5380
Affected: Rockwell Automation 1756-EN4TR

References

Frequently Asked Questions

What is the severity of CVE-2024-3493?
CVE-2024-3493 has been scored as a high severity vulnerability.
How to fix CVE-2024-3493?
To fix CVE-2024-3493, upgrade to a corrected firmware revision:

  Affected Product      First Known in Firmware Revision    Corrected in Firmware Revision
  ControlLogix® 5580    V35.011                             V35.013, V36.011
  GuardLogix 5580       V35.011                             V35.013, V36.011
  CompactLogix 5380     V35.011                             V35.013, V36.011
  1756-EN4TR            V5.001                              V6.001

Users running an affected firmware revision who are not able to upgrade to one of the corrected revisions are encouraged to apply security best practices, where possible.

  • Security Best Practices: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight
Is CVE-2024-3493 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2024-3493 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-3493?
CVE-2024-3493 affects Rockwell Automation ControlLogix 5580, Rockwell Automation GuardLogix 5580, Rockwell Automation CompactLogix 5380, Rockwell Automation 1756-EN4TR.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.