CVE-2023-2423
Last modified
CVE-2023-2423 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Armor Powerflex Firmware | <= 1.003 |
References
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371Permissions Required
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-2423?
How severe is CVE-2023-2423?
How do I fix CVE-2023-2423?
Are you affected by CVE-2023-2423?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST