ID

VAR-202403-2344


CVE

CVE-2024-2427


TITLE

Rockwell Automation PowerFlex 527 Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-15540

DESCRIPTION

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover. Rockwell Automation PowerFlex 527 is an adjustable AC frequency converter from the American company Rockwell Automation. An attacker can exploit this vulnerability to cause the device to crash

Trust: 1.44

sources: NVD: CVE-2024-2427 // CNVD: CNVD-2024-15540

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-15540

AFFECTED PRODUCTS

vendor:rockwellmodel:automation powerflexscope:eqversion:527>v2.001.x

Trust: 0.6

sources: CNVD: CNVD-2024-15540

CVSS

SEVERITY

CVSSV2

CVSSV3

PSIRT@rockwellautomation.com: CVE-2024-2427
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-15540
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-15540
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

PSIRT@rockwellautomation.com: CVE-2024-2427
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-15540 // NVD: CVE-2024-2427

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2024-2427

EXTERNAL IDS

db:NVDid:CVE-2024-2427

Trust: 1.6

db:CNVDid:CNVD-2024-15540

Trust: 0.6

sources: CNVD: CNVD-2024-15540 // NVD: CVE-2024-2427

REFERENCES

url:https://www.rockwellautomation.com/en-us/support/advisory.sd1664.html

Trust: 1.0

url:https://cxsecurity.com/cveshow/cve-2024-2427/

Trust: 0.6

sources: CNVD: CNVD-2024-15540 // NVD: CVE-2024-2427

SOURCES

db:CNVDid:CNVD-2024-15540
db:NVDid:CVE-2024-2427

LAST UPDATE DATE

2024-08-14T13:19:19.930000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-15540date:2024-03-29T00:00:00
db:NVDid:CVE-2024-2427date:2024-03-26T12:55:05.010

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-15540date:2024-03-29T00:00:00
db:NVDid:CVE-2024-2427date:2024-03-25T21:15:47.660