Product:

Compactlogix_5380_firmware

(Rockwellautomation)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 7
Date Id Summary Products Score Patch Annotated
2022-04-01 CVE-2022-1159 Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. Compact_guardlogix_5380_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5580_firmware, Guardlogix_5580_firmware 7.2
2022-04-11 CVE-2022-1161 An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other. Compact_guardlogix_5370_firmware, Compact_guardlogix_5380_firmware, Compactlogix_1768\-L43_firmware, Compactlogix_1768\-L45_firmware, Compactlogix_1769\-L31_firmware, Compactlogix_1769\-L32c_firmware, Compactlogix_1769\-L32e_firmware, Compactlogix_1769\-L35cr_firmware, Compactlogix_1769\-L35e_firmware, Compactlogix_5370_l1_firmware, Compactlogix_5370_l2_firmware, Compactlogix_5370_l3_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5550_firmware, Controllogix_5560_firmware, Controllogix_5570_firmware, Controllogix_5580_firmware, Drivelogix_5730_firmware, Flexlogix_1794\-L34_firmware, Guardlogix_5560_firmware, Guardlogix_5570_firmware, Guardlogix_5580_firmware, Softlogix_5800_firmware 9.8
2022-06-02 CVE-2022-1797 A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online. Compact_guardlogix_5370_firmware, Compact_guardlogix_5380_firmware, Compactlogix_5370_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5570_firmware, Controllogix_5580_firmware, Guardlogix_5570_firmware, Guardlogix_5580_firmware 8.6
2022-12-19 CVE-2022-3752 An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation. Compact_guardlogix_5380_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Compactlogix_5580_firmware, Guardlogix_5580_firmware 7.5
2024-10-14 CVE-2024-6207 CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation. To recover the controllers, a download is required which ends any process that the controller is running. Compact_guardlogix_5380_sil_2_firmware, Compact_guardlogix_5380_sil_3_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5580_firmware, Controllogix_5580_process_firmware, Factorytalk_logix_echo_firmware, Guardlogix_5580_firmware 7.5
2024-09-12 CVE-2024-6077 A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover. 1756\-En4_firmware, Compact_guardlogix_5380_sil_2_firmware, Compact_guardlogix_5380_sil_3_firmware, Compactlogix_5380_firmware, Compactlogix_5480_firmware, Controllogix_5580_firmware, Guardlogix_5580_firmware 7.5
2017-05-06 CVE-2017-6024 A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller. Compactlogix_5380_firmware, Controllogix_5580_firmware 5.9