Rockwell ControlLogix and GuardLogix Controllers Denial of Service (CVE-2024-21916)

2024-02-0900:00:00

www.tenable.com

vulnerability

denial of service

rockwell automation

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

17.9%

JSON

A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501956);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/02");

  script_cve_id("CVE-2024-21916");

  script_name(english:"Rockwell ControlLogix and GuardLogix Controllers Denial of Service (CVE-2024-21916)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A denial-of-service vulnerability exists in specific Rockwell
Automation ControlLogix ang GuardLogix controllers. If exploited, the
product could potentially experience a major nonrecoverable fault
(MNRF). The device will restart itself to recover from the MNRF.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-21916");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/09");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:controllogix_5570_firmware:20.011");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rockwellautomation:guardlogix_5570_firmware:20.011");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Rockwell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Rockwell');

var asset = tenable_ot::assets::get(vendor:'Rockwell');

var vuln_cpes = {
    "cpe:/o:rockwellautomation:controllogix_5570_firmware:20.011" :
        {"versionEndExcluding" : "33.016", "versionStartIncluding" : "20.011", "family" : "ControlLogix5570"},
    "cpe:/o:rockwellautomation:guardlogix_5570_firmware:20.011" :
        {"versionEndExcluding" : "33.016", "versionStartIncluding" : "20.011", "family" : "GuardLogix5570"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);