Published Date: 10/8/2024
Last Updated: 10/8/2024
Revision Number: 1.0
CVSS Score: 8.2/10
The security of our products is important to us as your chosen industrial automation supplier. This anomaly was found internally during routine testing and is being reported based on our commitment to customer transparency and to improving your business or production environments.
AFFECTED PRODUCTS AND SOLUTION
| Affected Product |
Affected Software Version | Corrected in Software Version |
| Drives - PowerFlex 6000T | 8.001, 8.002, 9.001 | 10.001 |
VULNERABILITY DETAILS
Rockwell Automation used the latest version of the CVSS scoring system to assess the following vulnerabilities.
CVE-2024-9124 IMPACT
A denial-of-service vulnerability exists in the PowerFlex® 6000T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.
CVSS 3.1 Base Score: 7.5
CVSS 3.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 4.0 Base Score: 8.2
CVSS 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE: Improper Check for Unusual or Exceptional Conditions
Known Exploited Vulnerability (KEV) database: No
Mitigations and Workarounds
Customers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.
Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
ADDITIONAL RESOURCES
