Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for powerflex_6000t_firmware by rockwellautomation

    CVE-2024-9124 (GCVE-0-2024-9124)

    Vulnerability from nvd – Published: 2024-10-08 16:23 – Updated: 2024-11-21 16:55
    VLAI
    Title
    Rockwell Automation PowerFlex 6000T CIP Security denial-of-service Vulnerability
    Summary
    A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation Drives - PowerFlex 6000T Affected: 8.001
    Affected: 8.002
    Affected: 9.001
    Create a notification for this product.
    rockwellautomation powerflex_600t Affected: 8.001
    Affected: 8.002
    Affected: 9.001
        cpe:2.3:a:rockwellautomation:powerflex_600t:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-08 16:16
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:rockwellautomation:powerflex_600t:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "powerflex_600t",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.001"
                  },
                  {
                    "status": "affected",
                    "version": "8.002"
                  },
                  {
                    "status": "affected",
                    "version": "9.001"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9124",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:57:04.611704Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T16:55:08.532Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Drives - PowerFlex 6000T",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.001"
                },
                {
                  "status": "affected",
                  "version": "8.002"
                },
                {
                  "status": "affected",
                  "version": "9.001"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T16:16:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in the Rockwell Automation PowerFlex\u00ae 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests. \u003c/span\u003e"
                }
              ],
              "value": "A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex\u00ae 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-26",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-26 Leveraging Race Conditions"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-08T16:23:09.331Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1705.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003eUpdate to v10.001 or later\u003c/li\u003e\u003c/ul\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds \u003c/b\u003e\u003cbr\u003eCustomers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\u202f\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u202f\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "*  Update to v10.001 or later\n\n\n\n\nMitigations and Workarounds \nCustomers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\u202f\n\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
            }
          ],
          "source": {
            "advisory": "SD1705",
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation PowerFlex 6000T CIP Security denial-of-service Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-9124",
        "datePublished": "2024-10-08T16:23:09.331Z",
        "dateReserved": "2024-09-23T20:07:02.816Z",
        "dateUpdated": "2024-11-21T16:55:08.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9124 (GCVE-0-2024-9124)

    Vulnerability from cvelistv5 – Published: 2024-10-08 16:23 – Updated: 2024-11-21 16:55
    VLAI
    Title
    Rockwell Automation PowerFlex 6000T CIP Security denial-of-service Vulnerability
    Summary
    A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    Rockwell Automation Drives - PowerFlex 6000T Affected: 8.001
    Affected: 8.002
    Affected: 9.001
    Create a notification for this product.
    rockwellautomation powerflex_600t Affected: 8.001
    Affected: 8.002
    Affected: 9.001
        cpe:2.3:a:rockwellautomation:powerflex_600t:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-08 16:16
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:rockwellautomation:powerflex_600t:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "powerflex_600t",
                "vendor": "rockwellautomation",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.001"
                  },
                  {
                    "status": "affected",
                    "version": "8.002"
                  },
                  {
                    "status": "affected",
                    "version": "9.001"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9124",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:57:04.611704Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T16:55:08.532Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Drives - PowerFlex 6000T",
              "vendor": "Rockwell Automation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.001"
                },
                {
                  "status": "affected",
                  "version": "8.002"
                },
                {
                  "status": "affected",
                  "version": "9.001"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T16:16:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial-of-service vulnerability exists in the Rockwell Automation PowerFlex\u00ae 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests. \u003c/span\u003e"
                }
              ],
              "value": "A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex\u00ae 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-26",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-26 Leveraging Race Conditions"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-08T16:23:09.331Z",
            "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
            "shortName": "Rockwell"
          },
          "references": [
            {
              "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1705.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003eUpdate to v10.001 or later\u003c/li\u003e\u003c/ul\u003e\n\n\u003cp\u003e\u003cb\u003eMitigations and Workarounds \u003c/b\u003e\u003cbr\u003eCustomers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\u202f\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003eSecurity Best Practices\u003c/a\u003e\u202f\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "*  Update to v10.001 or later\n\n\n\n\nMitigations and Workarounds \nCustomers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\u202f\n\n  *   Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
            }
          ],
          "source": {
            "advisory": "SD1705",
            "discovery": "INTERNAL"
          },
          "title": "Rockwell Automation PowerFlex 6000T CIP Security denial-of-service Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "assignerShortName": "Rockwell",
        "cveId": "CVE-2024-9124",
        "datePublished": "2024-10-08T16:23:09.331Z",
        "dateReserved": "2024-09-23T20:07:02.816Z",
        "dateUpdated": "2024-11-21T16:55:08.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }