CVE-2024-9124 HIGH

CVE-2024-9124: Rockwell Automation PowerFlex 6000T CIP Security denial-of-service Vulnerability

Vendor Rockwell Automation
Product Drives - PowerFlex 6000T
Weakness CWE-754
Published October 8, 2024
Last update November 21, 2024

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.

Key dates

02Disclosure timeline

October 8, 2024 CVE published
November 21, 2024 Record updated