CVE-2018-19282

Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
rockwellautomationpowerflex_525_ac_drives_firmware
𝑥
≤ 5.001
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://applied-risk.com/application/files/4215/5385/2294/Advisory_AR2019004_Rockwell_Powerflex_525_Denial_of_Service.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-19-087-01
https://applied-risk.com/application/files/4215/5385/2294/Advisory_AR2019004_Rockwell_Powerflex_525_Denial_of_Service.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-19-087-01