CVE-2023-2423

EPSS 0.05%
Published 08.08.2023 15:15:10
Last modified 21.11.2024 07:58:35
Source PSIRT@rockwellautomation.com
Teams watchlist Login
Open Login

A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Rockwellautomation ≫ Armor Powerflex Firmware Version <= 1.003

Rockwellautomation ≫ Armor Powerflex Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.15

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
PSIRT@rockwellautomation.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-2423

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2423

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2423

EUVD