CVE-2024-2427

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
RockwellCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
rockwellautomationpowerflex_527_ac_drives_firmware
2.001 ≤
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html
https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html