What is the severity of CVE-2024-2425?

CVE-2024-2425 is classified as a denial-of-service vulnerability.

How can I fix CVE-2024-2425?

To mitigate CVE-2024-2425, ensure that the firmware of the Rockwell Automation PowerFlex 527 is updated to the latest version.

What devices are affected by CVE-2024-2425?

CVE-2024-2425 affects the Rockwell Automation PowerFlex 527 AC Drives and its firmware versions starting from 2.001.

What happens if CVE-2024-2425 is exploited?

Exploitation of CVE-2024-2425 can cause the web server of the PowerFlex 527 to crash, requiring a manual restart.

Is there a workaround for CVE-2024-2425?

Currently, the recommended action for CVE-2024-2425 is to apply the latest firmware updates to minimize risk.

Vulnerability/
CVE-2024-2425

high

7.5

CWE

25/3/2024

31/1/2025

CVE-2024-2425: Rockwell Automation - Denial-of-service and Input Validation Vulnerabilities in PowerFlex® 527

First published: Mon Mar 25 2024(Updated: )

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it.

Credit: PSIRT@rockwellautomation.com

Affected Software	Affected Version	How to fix
Rockwell Automation PowerFlex 527 AC Drives
All of
Rockwell Automation PowerFlex 527 AC Drives Firmware	>=2.001
Rockwell Automation PowerFlex 527 AC Drives

Remedy

There is no fix currently for this vulnerability. Users using the affected software are encouraged to apply risk mitigations and security best practices, where possible. * Implement network segmentation confirming the device is on an isolated network. * Disable the web server https://literature.rockwellautomation.com/idc/groups/literature/documents/um/520-um002_-en-e.pdf , if not needed. The web server is disabled by default. Disabling this feature is available in v2.001.x and later. * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight

Never miss a vulnerability like this again

Reference Links

https://https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html

Frequently Asked Questions

What is the severity of CVE-2024-2425?
CVE-2024-2425 is classified as a denial-of-service vulnerability.
How can I fix CVE-2024-2425?
To mitigate CVE-2024-2425, ensure that the firmware of the Rockwell Automation PowerFlex 527 is updated to the latest version.
What devices are affected by CVE-2024-2425?
CVE-2024-2425 affects the Rockwell Automation PowerFlex 527 AC Drives and its firmware versions starting from 2.001.
What happens if CVE-2024-2425 is exploited?
Exploitation of CVE-2024-2425 can cause the web server of the PowerFlex 527 to crash, requiring a manual restart.
Is there a workaround for CVE-2024-2425?
Currently, the recommended action for CVE-2024-2425 is to apply the latest firmware updates to minimize risk.

agent/weakness
agent/remedy
agent/references
agent/title
agent/first-publish-date
agent/type
agent/description
agent/severity
agent/author
collector/mitre-cve
source/MITRE
agent/source
agent/last-modified-date
agent/event
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/rockwell automation
canonical/rockwell automation powerflex 527 ac drives
vendor/rockwellautomation
canonical/rockwell automation powerflex 527 ac drives firmware
version/rockwell automation powerflex 527 ac drives firmware/2.001

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.