OTPulse

Rockwell Automation Armor PowerFlex

Plan Patch · CVSS 7.5 · ICS-CERT ICSA-23-227-02 · Aug 15, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial-of-service vulnerability in Armor PowerFlex allows an attacker to send an influx of network commands that cause the device to generate event log traffic at a high rate, resulting in system overload and stoppage of normal operation. The weakness is classified as CWE-682 (incorrect calculation) and is rated CVSS 7.5 (high severity).

What this means
What could happen
An attacker could flood the Armor PowerFlex device with network commands, overwhelming the event logging system and causing the device to stop responding to legitimate operations. This would disrupt motor control and protection functions in energy and transportation systems.
Who's at risk
Energy utilities and transportation systems that use Rockwell Automation Armor PowerFlex motor controllers and protection devices for critical process control. Any facility relying on PowerFlex for motor drive and protection logic should be concerned.
How it could be exploited
An attacker with network access to the Armor PowerFlex device sends a high volume of crafted network commands to the device. The device attempts to log each command, exhausting system resources and causing the event logging system to fail, which stops normal operation of the device.
Prerequisites
  • Network access to Armor PowerFlex on its listening port
  • No authentication required
remotely exploitable · no authentication required · low complexity · denial of service impact on critical operations
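
A defender-side check for the flooding behaviour described under "How it could be exploited", as an added example that is not part of the advisory or of Rockwell Automation's guidance: a sliding-window counter over network records that alerts when one source sends a drive more commands than a baseline allows. The drive address, window, threshold and record format (one record per observed command, for example from flow logs or a packet tap) are assumptions to replace with site values.

```python
from collections import defaultdict, deque

# Assumptions (not from the advisory): the drive address, the 10-second window
# and the 200-command threshold are placeholders to tune against a baseline.
DRIVES = {"10.20.0.15"}          # constructed Armor PowerFlex address
WINDOW_S = 10.0
MAX_CMDS_PER_WINDOW = 200

def detect_floods(records, drives=DRIVES, window=WINDOW_S, limit=MAX_CMDS_PER_WINDOW):
    """Return alerts (start_ts, src, dst, count), one per burst over the limit.

    records: iterable of (timestamp_seconds, src_ip, dst_ip), sorted by time.
    A (src, dst) pair alerts when it first exceeds the limit and is re-armed
    only after its rate falls back to the limit or below.
    """
    recent = defaultdict(deque)   # (src, dst) -> timestamps inside the window
    alarmed = set()
    alerts = []
    for ts, src, dst in records:
        if dst not in drives:
            continue              # only traffic towards monitored drives counts
        q = recent[(src, dst)]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop timestamps that left the window
        if len(q) > limit:
            if (src, dst) not in alarmed:
                alarmed.add((src, dst))
                alerts.append((q[0], src, dst, len(q)))
        else:
            alarmed.discard((src, dst))
    return alerts

def sample_records():
    """Constructed traffic: an HMI polling once a second and one noisy host."""
    hmi = [(float(t), "10.20.0.5", "10.20.0.15") for t in range(60)]
    # 500 commands in 5 seconds starting at t=30, from a constructed address
    noisy = [(30.0 + i * 0.01, "10.20.0.99", "10.20.0.15") for i in range(500)]
    # Same noisy host talking to an address that is not a monitored drive
    other = [(float(t), "10.20.0.99", "10.20.0.40") for t in range(60)]
    return sorted(hmi + noisy + other)

if __name__ == "__main__":
    for start, src, dst, n in detect_floods(sample_records()):
        print(f"ALERT {src} -> {dst}: {n} commands within {WINDOW_S:.0f}s of t={start:.2f}")
```
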
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Armor PowerFlex: v1.003 | v1.003 | v2.001 or later
Remediation & Mitigation
Do now
HARDENING: Ensure Armor PowerFlex is not directly accessible from the Internet; place behind firewall on isolated network segment
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Armor PowerFlex to firmware version 2.001 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate control system networks from business networks
HARDENING: If remote access to Armor PowerFlex is required, use secure VPN with current patches and strong authentication