CVE-2018-19282

Name: CVE-2018-19282
Creator: NVD / NIST
Published: 2019-04-04T21:29:00.66+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.64%

Last modified Jun 17, 2026

CVE-2018-19282 is a vulnerability of currently unknown severity. Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control.. EPSS estimates a 5.64% chance of exploitation in the next 30 days.

Description

Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control.

Metrics

EPSS Probability

5.64%

92.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-400

Affected Software

Vendor	Product	Versions
Rockwellautomation	Powerflex 525 Ac Drives Firmware	<= 5.001

References

https://applied-risk.com/application/files/4215/5385/2294/Advisory_AR2019004_Rockwell_Powerflex_525_Denial_of_Service.pdfThird Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-19-087-01Third Party Advisory, US Government Resource
https://applied-risk.com/application/files/4215/5385/2294/Advisory_AR2019004_Rockwell_Powerflex_525_Denial_of_Service.pdfThird Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-19-087-01Third Party Advisory, US Government Resource

Timeline

Published: Apr 4, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-19282?

How severe is CVE-2018-19282?

Severity scoring for CVE-2018-19282 is pending analysis. The EPSS model estimates a 5.64% probability of exploitation in the next 30 days.

How do I fix CVE-2018-19282?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-19282?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST