VAR-202308-2222
Vulnerability from variot - Updated: 2025-06-26 23:36A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations. Rockwell Automation Provided by Armor PowerFlex The following vulnerabilities exist in. It was * calculation error (CWE-682) - CVE-2023-2423If the vulnerability is exploited, it may be affected as follows
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "armor powerflex",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "1.003"
},
{
"model": "armor powerflex",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "armor powerflex",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "v1.003"
},
{
"model": "automation armor powerflex",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12801"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002894"
},
{
"db": "NVD",
"id": "CVE-2023-2423"
}
]
},
"cve": "CVE-2023-2423",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-12801",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-2423",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-2423",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-2423",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-2423",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2023-2423",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-2423",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-12801",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12801"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002894"
},
{
"db": "NVD",
"id": "CVE-2023-2423"
},
{
"db": "NVD",
"id": "CVE-2023-2423"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nA vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations. Rockwell Automation Provided by Armor PowerFlex The following vulnerabilities exist in. It was * calculation error (CWE-682) - CVE-2023-2423If the vulnerability is exploited, it may be affected as follows",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-2423"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002894"
},
{
"db": "CNVD",
"id": "CNVD-2025-12801"
},
{
"db": "VULMON",
"id": "CVE-2023-2423"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-2423",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-23-227-02",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95172760",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002894",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-12801",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-2423",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12801"
},
{
"db": "VULMON",
"id": "CVE-2023-2423"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002894"
},
{
"db": "NVD",
"id": "CVE-2023-2423"
}
]
},
"id": "VAR-202308-2222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12801"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12801"
}
]
},
"last_update_date": "2025-06-26T23:36:08.655000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Armor\u00a0PowerFlex\u00a0Critical\u00a0Fault\u00a0Vulnerability\u00a0( Login required ) Rockwell\u00a0Automation",
"trust": 0.8,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371"
},
{
"title": "Rockwell Automation Armor PowerFlex security vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/451476"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12801"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002894"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-682",
"trust": 1.0
},
{
"problemtype": "calculation error (CWE-682) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002894"
},
{
"db": "NVD",
"id": "CVE-2023-2423"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95172760/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2423"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-227-02"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-2423/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-12801"
},
{
"db": "VULMON",
"id": "CVE-2023-2423"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002894"
},
{
"db": "NVD",
"id": "CVE-2023-2423"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-12801"
},
{
"db": "VULMON",
"id": "CVE-2023-2423"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002894"
},
{
"db": "NVD",
"id": "CVE-2023-2423"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12801"
},
{
"date": "2023-08-08T00:00:00",
"db": "VULMON",
"id": "CVE-2023-2423"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002894"
},
{
"date": "2023-08-08T15:15:10.163000",
"db": "NVD",
"id": "CVE-2023-2423"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-12801"
},
{
"date": "2023-08-08T00:00:00",
"db": "VULMON",
"id": "CVE-2023-2423"
},
{
"date": "2024-04-05T08:22:00",
"db": "JVNDB",
"id": "JVNDB-2023-002894"
},
{
"date": "2023-08-15T00:42:07.427000",
"db": "NVD",
"id": "CVE-2023-2423"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 Made \u00a0Armor\u00a0PowerFlex\u00a0 calculation error vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002894"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…