CVE-2024-2425

7.5 HIGH

📋 TL;DR

A denial-of-service vulnerability in Rockwell Automation PowerFlex 527 drives allows attackers to crash the web server through improper input validation. This affects industrial control systems using these specific drives, requiring manual restart to restore functionality.

💻 Affected Systems

Products:
  • Rockwell Automation PowerFlex 527
Versions: All versions prior to patch
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the web server component; drive operation continues but management interface is unavailable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete loss of web interface access and potential disruption to drive monitoring/configuration capabilities until manual restart is performed.

🟠 Likely Case

Temporary loss of web-based management interface requiring physical or network-based restart of affected drives.

🟢 If Mitigated

Minimal impact if drives are properly segmented and web interfaces are not exposed to untrusted networks.

🌐 Internet-Facing: HIGH - Web server crash leads to complete loss of remote management capability.
🏢 Internal Only: MEDIUM - Still disruptive but easier to physically restart affected devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Based on CWE-20 (Improper Input Validation), exploitation likely requires sending malformed requests to the web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Rockwell Automation advisory SD1664 for specific firmware versions

Vendor Advisory: https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html

Restart Required: Yes

Instructions:

1. Download updated firmware from the Rockwell Automation website.
2. Follow the firmware update procedures for PowerFlex 527 drives.
3. Restart affected devices after the update.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate PowerFlex 527 drives from untrusted networks and restrict access to the web interface.

Access Control Lists (all)

Implement firewall rules to restrict access to PowerFlex web interfaces to authorized management stations only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate drives from untrusted networks
  • Disable web interface if not required for operations

🔍 How to Verify

Check if Vulnerable:

Check the firmware version against Rockwell Automation advisory SD1664. Attempt to access the web interface to verify that it is still functional.

Check Version:

Check firmware version through drive display or web interface status page

Verify Fix Applied:

Verify firmware version is updated per advisory and test web interface with normal operations.

📡 Detection & Monitoring

Log Indicators:

  • Web server crash logs
  • Unexpected drive restarts
  • Failed web interface connections

Network Indicators:

  • Unusual traffic patterns to drive web ports
  • Multiple failed HTTP requests to drive IPs

SIEM Query:

source="powerflex_logs" AND (event="webserver_crash" OR event="unexpected_restart")
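The log and network indicators above, turned into runnable detection logic. This is an added example, not part of the advisory or any Rockwell Automation tooling: it assumes a hypothetical collector that forwards drive events as `key=value` lines with an `event=` field, and a firewall or proxy in front of the drives that records HTTP requests with `src=`, `dst=`, `dport=` and `status=` fields. All sample lines are constructed; adapt the field names to your own sources.

```python
"""Detection example (added here, not from the advisory): flag the two
crash-related events named in the SIEM query above, and count failed HTTP
requests per source toward drive web ports.

Assumed (not from the page): key=value log format, field names, and the
sample data below, which is constructed for illustration.
"""
import re
from collections import Counter

# Constructed sample lines: drive events forwarded by a hypothetical collector.
DRIVE_EVENT_LOGS = [
    "ts=2024-03-01T10:00:01Z source=powerflex_logs device=drive-07 event=heartbeat",
    "ts=2024-03-01T10:00:12Z source=powerflex_logs device=drive-07 event=webserver_crash",
    "ts=2024-03-01T10:00:45Z source=powerflex_logs device=drive-07 event=unexpected_restart",
    "ts=2024-03-01T10:01:03Z source=powerflex_logs device=drive-12 event=heartbeat",
]

# Constructed sample lines: HTTP requests toward drive web ports, as a
# firewall or reverse proxy in front of the drives might record them.
HTTP_LOGS = [
    "ts=2024-03-01T09:59:50Z src=10.20.30.5 dst=10.1.1.7 dport=80 status=200",
    "ts=2024-03-01T09:59:55Z src=192.0.2.44 dst=10.1.1.7 dport=80 status=400",
    "ts=2024-03-01T09:59:56Z src=192.0.2.44 dst=10.1.1.7 dport=80 status=400",
    "ts=2024-03-01T09:59:57Z src=192.0.2.44 dst=10.1.1.7 dport=80 status=500",
    "ts=2024-03-01T09:59:58Z src=192.0.2.44 dst=10.1.1.7 dport=80 status=-",
    "ts=2024-03-01T10:00:20Z src=10.20.30.5 dst=10.1.1.12 dport=80 status=200",
]

# The two events the SIEM query above searches for.
CRASH_EVENTS = {"webserver_crash", "unexpected_restart"}
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Parse a `key=value key=value ...` log line into a dict."""
    return dict(KV_RE.findall(line))


def crash_events(lines):
    """Equivalent of: source="powerflex_logs" AND (event="webserver_crash"
    OR event="unexpected_restart"). Returns (timestamp, device, event) tuples."""
    hits = []
    for line in lines:
        rec = parse_kv(line)
        if rec.get("source") == "powerflex_logs" and rec.get("event") in CRASH_EVENTS:
            hits.append((rec["ts"], rec["device"], rec["event"]))
    return hits


def failed_http_sources(lines, drive_ports=("80", "443"), threshold=3):
    """Count failed HTTP requests (status >= 400, or no status recorded,
    e.g. a connection that got no reply) per source IP toward drive web
    ports, and return the sources at or above the threshold. This is the
    'multiple failed HTTP requests to drive IPs' network indicator."""
    failures = Counter()
    for line in lines:
        rec = parse_kv(line)
        if rec.get("dport") not in drive_ports:
            continue
        status = rec.get("status", "-")
        if not status.isdigit() or int(status) >= 400:
            failures[rec["src"]] += 1
    return {src: n for src, n in failures.items() if n >= threshold}


def report(event_lines=DRIVE_EVENT_LOGS, http_lines=HTTP_LOGS):
    """Combine both checks into one alert summary for a SIEM or ticket."""
    return {
        "crash_events": crash_events(event_lines),
        "noisy_http_sources": failed_http_sources(http_lines),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The threshold in `failed_http_sources` is deliberately low because a PowerFlex web interface normally sees very little traffic; tune it against a baseline of your own management stations before alerting on it.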

🔗 References
