ГлавнаяУязвимости → CVE-2024-8626
7.5высокая

CVE-2024-8626

→ есть в БДУ: BDU:2024-09680 (на русском)
Описание (на английском; русское — в БДУ выше)

Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover.

Затрагиваемое ПО
Rockwellautomation Compactlogix 5380 firmwareRockwellautomation Compactlogix 5380Rockwellautomation Compact guardlogix 5380 firmwareRockwellautomation Compact guardlogix 5380Rockwellautomation Compactlogix 5480 firmwareRockwellautomation Compactlogix 5480Rockwellautomation Controllogix 5580 firmwareRockwellautomation Controllogix 5580Rockwellautomation Guardlogix 5580 firmwareRockwellautomation Guardlogix 5580Rockwellautomation 1756-en4tr firmwareRockwellautomation 1756-en4tr
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1706.html