ID

VAR-202403-2344


CVE

CVE-2024-2427


TITLE

Rockwell Automation  of  PowerFlex 527 AC Drive  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-018073

DESCRIPTION

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover. Rockwell Automation of PowerFlex 527 AC Drive There are unspecified vulnerabilities in the firmware.Service operation interruption (DoS) It may be in a state. Rockwell Automation PowerFlex 527 is an adjustable AC frequency converter from the American company Rockwell Automation. An attacker can exploit this vulnerability to cause the device to crash

Trust: 2.16

sources: NVD: CVE-2024-2427 // JVNDB: JVNDB-2024-018073 // CNVD: CNVD-2024-15540

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-15540

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:powerflex 527 ac drivesscope:gteversion:2.001

Trust: 1.0

vendor:rockwell automationmodel:powerflex 527 ac drivescope:eqversion: -

Trust: 0.8

vendor:rockwell automationmodel:powerflex 527 ac drivescope: - version: -

Trust: 0.8

vendor:rockwell automationmodel:powerflex 527 ac drivescope:eqversion:powerflex 527 ac drive firmware 2.001 that's all

Trust: 0.8

vendor:rockwellmodel:automation powerflexscope:eqversion:527>v2.001.x

Trust: 0.6

sources: CNVD: CNVD-2024-15540 // JVNDB: JVNDB-2024-018073 // NVD: CVE-2024-2427

CVSS

SEVERITY

CVSSV2

CVSSV3

PSIRT@rockwellautomation.com: CVE-2024-2427
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-2427
value: HIGH

Trust: 1.0

NVD: CVE-2024-2427
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-15540
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-15540
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

PSIRT@rockwellautomation.com: CVE-2024-2427
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2024-2427
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-15540 // JVNDB: JVNDB-2024-018073 // NVD: CVE-2024-2427 // NVD: CVE-2024-2427

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-018073 // NVD: CVE-2024-2427

EXTERNAL IDS

db:NVDid:CVE-2024-2427

Trust: 3.2

db:ICS CERTid:ICSA-24-086-02

Trust: 0.8

db:JVNid:JVNVU95922371

Trust: 0.8

db:JVNDBid:JVNDB-2024-018073

Trust: 0.8

db:CNVDid:CNVD-2024-15540

Trust: 0.6

sources: CNVD: CNVD-2024-15540 // JVNDB: JVNDB-2024-018073 // NVD: CVE-2024-2427

REFERENCES

url:https://www.rockwellautomation.com/en-us/support/advisory.sd1664.html

Trust: 1.8

url:https://jvn.jp/vu/jvnvu95922371/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-2427

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-02

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2024-2427/

Trust: 0.6

sources: CNVD: CNVD-2024-15540 // JVNDB: JVNDB-2024-018073 // NVD: CVE-2024-2427

SOURCES

db:CNVDid:CNVD-2024-15540
db:JVNDBid:JVNDB-2024-018073
db:NVDid:CVE-2024-2427

LAST UPDATE DATE

2025-02-06T22:55:42.599000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-15540date:2024-03-29T00:00:00
db:JVNDBid:JVNDB-2024-018073date:2025-02-05T07:18:00
db:NVDid:CVE-2024-2427date:2025-01-31T15:41:57.463

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-15540date:2024-03-29T00:00:00
db:JVNDBid:JVNDB-2024-018073date:2025-02-05T00:00:00
db:NVDid:CVE-2024-2427date:2024-03-25T21:15:47.660