Vulnerability Description
A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Armor Powerflex Firmware | <= 1.003 |
| Rockwellautomation | Armor Powerflex | - |
Related Weaknesses (CWE)
References
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371Permissions Required
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371Permissions Required
FAQ
What is CVE-2023-2423?
CVE-2023-2423 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sendin...
How severe is CVE-2023-2423?
CVE-2023-2423 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-2423?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Armor Powerflex Firmware, Rockwellautomation Armor Powerflex.