
ICS: Multiple Rockwell Automation Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-9412 (CVSS: 8.4)

An improper authorization vulnerability exists in the affected Rockwell Automation products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur through unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously had, but should no longer have, access to.
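The failure mode described above, an authorization check that effectively fails open once every role mapping has been removed, is easiest to see beside its fail-closed counterpart. The following is an added illustration, not Rockwell or Rewterz code; the store layout, user names and permission names are hypothetical.

```python
# Added example (not Rockwell code): a fail-open authorization check beside a
# fail-closed one, exercised with the "administrator removes every role
# mapping" scenario from the advisory. All names here are hypothetical.

from dataclasses import dataclass, field


@dataclass
class AuthzStore:
    # role -> set of permissions granted by that role
    role_permissions: dict = field(default_factory=dict)
    # user -> set of roles mapped to that user
    user_roles: dict = field(default_factory=dict)


def is_authorized_fail_open(store, user, permission):
    """Broken pattern: an empty mapping table is treated as "no policy,
    allow everything". Once an administrator clears the mappings, users who
    used to hold a role keep (or gain) access."""
    if not store.user_roles:
        return True
    roles = store.user_roles.get(user, set())
    return any(permission in store.role_permissions.get(r, set()) for r in roles)


def is_authorized_fail_closed(store, user, permission):
    """Deny by default: a user with no role mapping gets nothing, however the
    mapping table came to be empty."""
    roles = store.user_roles.get(user)
    if not roles:
        return False
    return any(permission in store.role_permissions.get(r, set()) for r in roles)


def build_store():
    """Constructed sample data: two roles, two users."""
    store = AuthzStore()
    store.role_permissions = {
        "operator": {"view_assets"},
        "admin": {"view_assets", "edit_assets"},
    }
    store.user_roles = {"alice": {"admin"}, "bob": {"operator"}}
    return store


def demo():
    """Returns ((open_before, closed_before), (open_after, closed_after)) for
    bob's access to view_assets, before and after all mappings are removed."""
    store = build_store()
    before = (is_authorized_fail_open(store, "bob", "view_assets"),
              is_authorized_fail_closed(store, "bob", "view_assets"))
    store.user_roles.clear()  # accidental removal of every role mapping
    after = (is_authorized_fail_open(store, "bob", "view_assets"),
             is_authorized_fail_closed(store, "bob", "view_assets"))
    return before, after


if __name__ == "__main__":
    print(demo())  # ((True, True), (True, False))
```

Before the mappings are cleared both checks agree; afterwards only the fail-closed check stops bob from reaching data he should no longer see, which is the behaviour a patched product should exhibit.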

CVE-2024-9124 (CVSS: 8.2)

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 6000T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover if it does not re-establish a connection after it stops receiving requests.

CVE-2024-8626 (CVSS: 8.7)

Due to a memory leak, a denial-of-service vulnerability exists in the affected Rockwell Automation products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product, causing the affected products to become fully unavailable and require a power cycle to recover.

Impact

  • Denial of Service
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-9412
  • CVE-2024-9124
  • CVE-2024-8626

Affected Vendors

Rockwell Automation

Affected Products

  • Rockwell Automation Verve Asset Manager - All versions < 1.38
  • Rockwell Automation Drives - PowerFlex 6000T - 8.001 - 8.002 - 9.001
  • Rockwell Automation CompactLogix 5380 controllers - v33.011
  • Rockwell Automation Compact GuardLogix® 5380 controllers - v33.011
  • Rockwell Automation CompactLogix 5480 controllers - v33.011
  • Rockwell Automation GuardLogix 5580 controllers - v33.011
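A defender's first task with an advisory like this is to find which assets in inventory fall inside the listed version ranges. The following is an added example, not Rockwell or Rewterz code: it encodes the Affected Products list above as version conditions and runs them over a constructed sample inventory. Product names are matched by substring, and the inventory rows are made up for illustration.

```python
# Added example (not Rockwell code): match an asset inventory against the
# affected product/version list from this advisory. Inventory rows are
# constructed samples; the version conditions come from the list above.

import re


def parse_version(v):
    """Turn '1.38', '8.001' or 'v33.011' into a comparable tuple of ints."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


# (substring of product name, predicate over the parsed version)
AFFECTED = [
    ("verve asset manager", lambda v: v < parse_version("1.38")),          # all versions < 1.38
    ("powerflex 6000t",
     lambda v: v in {parse_version(x) for x in ("8.001", "8.002", "9.001")}),
    ("compactlogix 5380", lambda v: v == parse_version("v33.011")),
    ("compact guardlogix 5380", lambda v: v == parse_version("v33.011")),
    ("compactlogix 5480", lambda v: v == parse_version("v33.011")),
    ("guardlogix 5580", lambda v: v == parse_version("v33.011")),
]


def is_affected(product, version):
    """True if the product/version pair falls inside the advisory's list."""
    name = product.lower()
    ver = parse_version(version)
    if not ver:  # unparseable or empty version string: treat as unknown
        return False
    for key, cond in AFFECTED:
        if key in name:
            return cond(ver)
    return False


# Constructed sample inventory: (asset id, product, firmware/software version)
INVENTORY = [
    ("vam-01", "Rockwell Automation Verve Asset Manager", "1.37"),
    ("vam-02", "Rockwell Automation Verve Asset Manager", "1.38"),
    ("drv-01", "Rockwell Automation PowerFlex 6000T", "8.002"),
    ("drv-02", "Rockwell Automation PowerFlex 6000T", "9.002"),
    ("plc-01", "Rockwell Automation GuardLogix 5580", "v33.011"),
    ("plc-02", "Rockwell Automation CompactLogix 5380", "v34.011"),
]


def affected_assets(inventory=INVENTORY):
    """Asset ids whose product/version is in scope for this advisory."""
    return [asset for asset, product, version in inventory
            if is_affected(product, version)]


if __name__ == "__main__":
    for asset in affected_assets():
        print("in scope:", asset)
```

Unparseable version strings are treated as "not matched" rather than "affected", so anything that falls through should be reviewed by hand; the point of the script is to narrow the list, not to clear assets.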

Remediation

Refer to the Rockwell Automation Security Advisory for patch, upgrade, or suggested workaround information.
