Vulnerability Details CVE-2018-19282
Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://applied-risk.com/application/files/4215/5385/2294/Advisory_AR2019004_Rockwell_Powerflex_525_Denial_of_Service.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-19-087-01
- https://applied-risk.com/application/files/4215/5385/2294/Advisory_AR2019004_Rockwell_Powerflex_525_Denial_of_Service.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-19-087-01
Products affected by CVE-2018-19282
-
cpe:2.3:h:rockwellautomation:powerflex_525_ac_drives:-
-
cpe:2.3:o:rockwellautomation:powerflex_525_ac_drives_firmware:5.001