Cyber Resilience

CVE-2024-5659

High

Published: 14 June 2024

Modified: 03 March 2025
KEV Added
Patch
CVSS Score v4: 8.3
CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0041 (61.8th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-5659 is a high-severity Always-Incorrect Control Flow Implementation (CWE-670) vulnerability in Rockwell Automation ControlLogix 5580 firmware. Its CVSS base score is 8.3 (High).

Operationally, it ranks in the top 38.2% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault (MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device would be compromised.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Version
rockwellautomation | controllogix 5580 firmware | 34.011
rockwellautomation | guardlogix 5580 firmware | 34.011
rockwellautomation | 1756-en4 firmware | 4.001
rockwellautomation | compactlogix 5380 firmware | 34.011
rockwellautomation | compact guardlogix 5380 firmware | 34.011
rockwellautomation | compactlogix 5480 firmware | 34.011

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References