What is the severity of CVE-2024-2426?

CVE-2024-2426 is categorized as a denial-of-service vulnerability affecting the Rockwell Automation PowerFlex 527.

How do I fix CVE-2024-2426?

To mitigate CVE-2024-2426, ensure that you apply any available firmware updates and monitor device inputs to avoid triggering the vulnerability.

What impact does CVE-2024-2426 have on systems?

Exploitation of CVE-2024-2426 can lead to a disruption in the CIP communication of the affected device, requiring a manual restart for recovery.

Which versions of PowerFlex 527 are affected by CVE-2024-2426?

CVE-2024-2426 affects the Rockwell Automation PowerFlex 527 AC Drives with firmware version 2.001 and later.

What is the cause of CVE-2024-2426?

CVE-2024-2426 results from improper input validation within the Rockwell Automation PowerFlex 527, leading to potential denial-of-service conditions.

Vulnerability/
CVE-2024-2426

high

7.5

CWE

25/3/2024

31/1/2025

CVE-2024-2426: Rockwell Automation - Denial-of-service and Input Validation Vulnerabilities in PowerFlex® 527

First published: Mon Mar 25 2024(Updated: )

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it.

Credit: PSIRT@rockwellautomation.com

Affected Software	Affected Version	How to fix
Rockwell Automation PowerFlex 527 AC Drives
All of
Rockwell Automation PowerFlex 527 AC Drives Firmware	>=2.001
Rockwell Automation PowerFlex 527 AC Drives

Remedy

There is no fix currently for this vulnerability. Users using the affected software are encouraged to apply risk mitigations and security best practices, where possible. * Implement network segmentation confirming the device is on an isolated network. * Disable the web server https://literature.rockwellautomation.com/idc/groups/literature/documents/um/520-um002_-en-e.pdf , if not needed. The web server is disabled by default. Disabling this feature is available in v2.001.x and later. * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight

Never miss a vulnerability like this again

Reference Links

https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html

Frequently Asked Questions

What is the severity of CVE-2024-2426?
CVE-2024-2426 is categorized as a denial-of-service vulnerability affecting the Rockwell Automation PowerFlex 527.
How do I fix CVE-2024-2426?
To mitigate CVE-2024-2426, ensure that you apply any available firmware updates and monitor device inputs to avoid triggering the vulnerability.
What impact does CVE-2024-2426 have on systems?
Exploitation of CVE-2024-2426 can lead to a disruption in the CIP communication of the affected device, requiring a manual restart for recovery.
Which versions of PowerFlex 527 are affected by CVE-2024-2426?
CVE-2024-2426 affects the Rockwell Automation PowerFlex 527 AC Drives with firmware version 2.001 and later.
What is the cause of CVE-2024-2426?
CVE-2024-2426 results from improper input validation within the Rockwell Automation PowerFlex 527, leading to potential denial-of-service conditions.

agent/weakness
agent/remedy
agent/references
agent/title
agent/first-publish-date
agent/type
agent/description
agent/severity
agent/author
collector/mitre-cve
source/MITRE
agent/source
agent/last-modified-date
agent/event
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/rockwell automation
canonical/rockwell automation powerflex 527 ac drives
vendor/rockwellautomation
canonical/rockwell automation powerflex 527 ac drives firmware
version/rockwell automation powerflex 527 ac drives firmware/2.001