CVE-2024-9124

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1705.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:rockwellautomation:powerflex_6000t_firmware:8.001:::::::*
	cpe:2.3:o:rockwellautomation:powerflex_6000t_firmware:8.002:::::::*
	cpe:2.3:o:rockwellautomation:powerflex_6000t_firmware:9.001:::::::*

cpe:2.3:h:rockwellautomation:powerflex_6000t:-:*:*:*:*:*:*:*

History

22 Sep 2025, 18:34

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Rockwellautomation powerflex 6000t Rockwellautomation powerflex 6000t Firmware Rockwellautomation
References	~~() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1705.html -~~	() https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1705.html - Vendor Advisory
CPE		cpe:2.3:o:rockwellautomation:powerflex_6000t_firmware:9.001:::::::* cpe:2.3:h:rockwellautomation:powerflex_6000t:-:::::::* cpe:2.3:o:rockwellautomation:powerflex_6000t_firmware:8.001:::::::* cpe:2.3:o:rockwellautomation:powerflex_6000t_firmware:8.002:::::::*

Information

Published : 2024-10-08 17:15

Updated : 2025-09-22 18:34

NVD link : CVE-2024-9124

Mitre link : CVE-2024-9124

CVE.ORG link : CVE-2024-9124

JSON object : View

Products Affected

rockwellautomation

powerflex_6000t_firmware
powerflex_6000t

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

{"id": "CVE-2024-9124", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-10-08T17:15:56.390", "references": [{"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1705.html", "tags": ["Vendor Advisory"], "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex\u00ae 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en el PowerFlex\u00ae 600T de Rockwell Automation. Si el dispositivo se sobrecarga con solicitudes, dejar\u00e1 de estar disponible. Es posible que sea necesario apagar y encender el dispositivo para recuperarlo si no restablece una conexi\u00f3n despu\u00e9s de dejar de recibir solicitudes."}], "lastModified": "2025-09-22T18:34:28.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:powerflex_6000t_firmware:8.001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B94C1B74-BCEF-4F22-8F49-18FABE6E8384"}, {"criteria": "cpe:2.3:o:rockwellautomation:powerflex_6000t_firmware:8.002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CEF373D-896D-4C79-A040-EA265511B70D"}, {"criteria": "cpe:2.3:o:rockwellautomation:powerflex_6000t_firmware:9.001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9BB211E-D2C8-4AC0-9E30-FBDD91CFA4BC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:powerflex_6000t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B17F62E5-613F-4D1F-B30B-90110F555814"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT@rockwellautomation.com"}