Rockwell RSLogix 5/500 VBA Remote Code Execution Vulnerability (CVE-2024-7847)

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability Name: SD1701 2. Severity: High 3. Vulnerability ID: SD1701 4. CVE ID: CVE-2024-7847 5. Release Date: September 16, 2024 6. Update Date: October 14, 2024 7. Revision Version: 1.0 8. Known Exploited Vulnerability (KEV): No 9. Fixed: No 10. Workarounds Available: Yes 11. Affected Products: - RSLogix 500® - RSLogix™ Micro Developer and Starter - RSLogix™ 5 12. Mitigations and Workarounds: - Disable VBA code execution when not needed by navigating to “Policy”, selecting “Enable/Disable VBA”, and checking the “Deny” box. - Save project files in trusted locations where only administrators can modify and verify file integrity. - Use VBA Editor protection features to lock VBA code viewing and editing by setting a password. 13. Vulnerability Details: - This vulnerability allows malicious code execution when a user opens an infected RSP/RSS project file. - If exploited, attackers may achieve remote code execution. - Affects connected devices. 14. CVSS Scores: - CVSS Base Score 3.1: 7.7/10 - CVSS Base Score 4.0: 8.8/10 15. CWE Number: CWE-345 (Insufficient Data Integrity Validation) 16. Known Exploited Vulnerability (KEV): No 17. Additional Resources: - Provides a link to CVE information in Vulnerability Exploitability Exchange (VEX) format. - Provides a JSON-formatted link for CVE-2024-7847. This information helps users understand the vulnerability’s details, scope of impact, and how to mitigate or remediate it.

Goal Reached Thanks to every supporter — we hit 100%!

Rockwell RSLogix 5/500 VBA Remote Code Execution Vulnerability (CVE-2024-7847)