CVE-2023-2423

EPSS 0.05%
Veröffentlicht 08.08.2023 15:15:10
Zuletzt bearbeitet 21.11.2024 07:58:35
Quelle PSIRT@rockwellautomation.com
Teams Watchlist Login
Unerledigt Login

A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Armor Powerflex Firmware Version <= 1.003

Rockwellautomation ≫ Armor Powerflex Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.15

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
PSIRT@rockwellautomation.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-2423

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2423

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2423

EUVD