PT-2019-9786 · Rockwell Automation · Powerflex 525 Ac Drives

Nicolas Merle

Published

2019-04-04

Updated

2019-04-09

CVE-2018-19282

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Rockwell Automation PowerFlex 525 AC Drives versions 5.001 and earlier

Description The issue allows remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. This can be done in a way that the CIP does not accept new connections, but keeps the current connections active, potentially preventing legitimate users from recovering control.

Recommendations For versions 5.001 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2018-19282

Affected Products

Powerflex 525 Ac Drives

PT-2019-9786 · Rockwell Automation · Powerflex 525 Ac Drives

CVE-2018-19282

Weakness Enumeration

Related Identifiers

Affected Products

References · 4