Details of VAR-202308-2222

ID

VAR-202308-2222

CVE

CVE-2023-2423

TITLE

Rockwell Automation Made Armor PowerFlex calculation error vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002894

DESCRIPTION

A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations. Rockwell Automation Provided by Armor PowerFlex The following vulnerabilities exist in. It was * calculation error (CWE-682) - CVE-2023-2423If the vulnerability is exploited, it may be affected as follows

Trust: 2.25

sources: NVD: CVE-2023-2423 // JVNDB: JVNDB-2023-002894 // CNVD: CNVD-2025-12801 // VULMON: CVE-2023-2423

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-12801

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	armor powerflex	scope:	lte	version:	1.003	Trust: 1.0
vendor:	rockwell automation	model:	armor powerflex	scope:	eq	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	armor powerflex	scope:	eq	version:	v1.003	Trust: 0.8
vendor:	rockwell	model:	automation armor powerflex	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-12801 // JVNDB: JVNDB-2023-002894 // NVD: CVE-2023-2423

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-2423
value:	HIGH
Trust: 1.0
PSIRT@rockwellautomation.com:	CVE-2023-2423
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-2423
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-12801
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-12801
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-2423
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
PSIRT@rockwellautomation.com:	CVE-2023-2423
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2023-2423
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-12801 // JVNDB: JVNDB-2023-002894 // NVD: CVE-2023-2423 // NVD: CVE-2023-2423

PROBLEMTYPE DATA

problemtype:	CWE-682	Trust: 1.0
problemtype:	calculation error (CWE-682) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002894 // NVD: CVE-2023-2423

PATCH

title:	Armor PowerFlex Critical Fault Vulnerability ( Login required ) Rockwell Automation	url:	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371	Trust: 0.8
title:	Rockwell Automation Armor PowerFlex security vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/451476	Trust: 0.6

sources: CNVD: CNVD-2025-12801 // JVNDB: JVNDB-2023-002894

EXTERNAL IDS

db:	NVD	id:	CVE-2023-2423	Trust: 3.3
db:	ICS CERT	id:	ICSA-23-227-02	Trust: 0.8
db:	JVN	id:	JVNVU95172760	Trust: 0.8
db:	JVNDB	id:	JVNDB-2023-002894	Trust: 0.8
db:	CNVD	id:	CNVD-2025-12801	Trust: 0.6
db:	VULMON	id:	CVE-2023-2423	Trust: 0.1

sources: CNVD: CNVD-2025-12801 // VULMON: CVE-2023-2423 // JVNDB: JVNDB-2023-002894 // NVD: CVE-2023-2423

REFERENCES

url:	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371	Trust: 1.7
url:	http://jvn.jp/vu/jvnvu95172760/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-2423	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-227-02	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-2423/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2025-12801 // VULMON: CVE-2023-2423 // JVNDB: JVNDB-2023-002894 // NVD: CVE-2023-2423

SOURCES

db:	CNVD	id:	CNVD-2025-12801
db:	VULMON	id:	CVE-2023-2423
db:	JVNDB	id:	JVNDB-2023-002894
db:	NVD	id:	CVE-2023-2423

LAST UPDATE DATE

2025-06-26T23:36:08.655000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-12801	date:	2025-06-18T00:00:00
db:	VULMON	id:	CVE-2023-2423	date:	2023-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2023-002894	date:	2024-04-05T08:22:00
db:	NVD	id:	CVE-2023-2423	date:	2023-08-15T00:42:07.427

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-12801	date:	2023-06-18T00:00:00
db:	VULMON	id:	CVE-2023-2423	date:	2023-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2023-002894	date:	2023-08-17T00:00:00
db:	NVD	id:	CVE-2023-2423	date:	2023-08-08T15:15:10.163