Details of VAR-202403-2344

ID

VAR-202403-2344

CVE

CVE-2024-2427

TITLE

Rockwell Automation PowerFlex 527 Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-15540

DESCRIPTION

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover. Rockwell Automation PowerFlex 527 is an adjustable AC frequency converter from the American company Rockwell Automation. An attacker can exploit this vulnerability to cause the device to crash

Trust: 1.44

sources: NVD: CVE-2024-2427 // CNVD: CNVD-2024-15540

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-15540

AFFECTED PRODUCTS

vendor:

rockwell

model:

automation powerflex

scope:

version:

527>v2.001.x

Trust: 0.6

sources: CNVD: CNVD-2024-15540

CVSS

SEVERITY

CVSSV2

CVSSV3

PSIRT@rockwellautomation.com:	CVE-2024-2427
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2024-15540
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-15540
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

PSIRT@rockwellautomation.com:
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-15540 // NVD: CVE-2024-2427

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.0

sources: NVD: CVE-2024-2427

EXTERNAL IDS

db:	NVD	id:	CVE-2024-2427	Trust: 1.6
db:	CNVD	id:	CNVD-2024-15540	Trust: 0.6

sources: CNVD: CNVD-2024-15540 // NVD: CVE-2024-2427

REFERENCES

url:	https://www.rockwellautomation.com/en-us/support/advisory.sd1664.html	Trust: 1.0
url:	https://cxsecurity.com/cveshow/cve-2024-2427/	Trust: 0.6

sources: CNVD: CNVD-2024-15540 // NVD: CVE-2024-2427

SOURCES

db:	CNVD	id:	CNVD-2024-15540
db:	NVD	id:	CVE-2024-2427

LAST UPDATE DATE

2024-03-30T22:47:41.646000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-15540	date:	2024-03-29T00:00:00
db:	NVD	id:	CVE-2024-2427	date:	2024-03-26T12:55:05.010

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-15540	date:	2024-03-29T00:00:00
db:	NVD	id:	CVE-2024-2427	date:	2024-03-25T21:15:47.660