OTPulse

Rockwell Automation PowerFlex 527

Monitor · CVSS 7.5 · ICS-CERT ICSA-24-086-02 · Mar 26, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Rockwell Automation PowerFlex 527 contains buffer overflow and resource exhaustion vulnerabilities (CWE-120, CWE-400) in firmware v2.001.x and later. Successful exploitation can crash the device, requiring manual restart to restore operation. No vendor patch is currently available. The vulnerability is triggered by a remote network request without authentication.

What this means
What could happen
A remote attacker can crash the PowerFlex 527 drive, forcing manual restart and halting motor control until recovery is complete. In a process plant, this could stop pumps, compressors, or conveyors depending on the application.
Who's at risk
Energy sector operators using Rockwell Automation PowerFlex 527 variable frequency drives (VFDs) in motor control applications should be aware of this denial-of-service risk. Any facility running PowerFlex 527 drives for critical pump, fan, or conveyor control is affected.
How it could be exploited
An attacker with network access to the PowerFlex 527 (typically via Ethernet port or industrial network) sends a specially crafted packet or request that triggers a buffer overflow or resource exhaustion condition, causing the device to crash and reboot.
Prerequisites
  • Network access to the PowerFlex 527 device (via its Ethernet port; typically port 502 or the web interface port)
  • No credentials required
  • Device must be running firmware v2.001.x or later
Tags: remotely exploitable · no authentication required · low complexity · no patch available · affects critical motor control
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
PowerFlex 527: >=v2.001.x | ≥ v2.001.x | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Disable the web server on the PowerFlex 527 if it is not needed for monitoring or configuration. The web server is disabled by default but can be explicitly disabled in v2.001.x and later.
Mitigations - no patch available
PowerFlex 527: >=v2.001.x has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate the PowerFlex 527 on a separate, restricted network. Only allow authorized engineering workstations and plant control systems to communicate with the drive.
HARDENING: Monitor network traffic to the device for unusual or malformed packets. Implement firewall rules to restrict access to only essential industrial protocols (e.g., EtherNet/IP).
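
The compensating controls above, expressed as a check over flow records (an added example, not code from the advisory or from Rockwell Automation). The drive address, allowed-source subnet, record format and web ports 80/443 are assumptions to replace with site values; the EtherNet/IP ports are the protocol's registered ones.

```python
import ipaddress

# Assumed policy values (not from the advisory): adjust to the plant network.
DRIVES = {ipaddress.ip_address("10.20.5.11")}             # PowerFlex 527 addresses
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.1.0/28")]  # engineering/control hosts
# Registered EtherNet/IP ports: 44818 (explicit messaging), 2222/udp (implicit I/O).
ESSENTIAL = {("tcp", 44818), ("udp", 44818), ("udp", 2222)}
WEB = {("tcp", 80), ("tcp", 443)}  # assumed web-server ports; service should be off

def classify(src, dst, proto, dport):
    """Return None for an allowed or out-of-scope flow, else a finding label."""
    if ipaddress.ip_address(dst) not in DRIVES:
        return None
    service = (proto.lower(), int(dport))
    if service in WEB:
        return "web-server-reachable"
    if not any(ipaddress.ip_address(src) in net for net in ALLOWED_SOURCES):
        return "unauthorized-source"
    if service not in ESSENTIAL:
        return "non-essential-protocol"
    return None

def audit(lines):
    """Check 'timestamp src dst proto dport' records; return (line_no, finding, record)."""
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            _ts, src, dst, proto, dport = line.split()  # ValueError unless 5 fields
            reason = classify(src, dst, proto, dport)
        except ValueError:
            reason = "unparseable-record"  # malformed input is itself worth a look
        if reason:
            findings.append((n, reason, line))
    return findings

# Constructed sample flow records (not real traffic).
SAMPLE = """\
2024-03-27T08:00:01Z 10.20.1.5 10.20.5.11 tcp 44818
2024-03-27T08:00:02Z 10.20.1.5 10.20.5.11 udp 2222
2024-03-27T08:00:03Z 10.20.9.77 10.20.5.11 tcp 44818
2024-03-27T08:00:04Z 10.20.1.5 10.20.5.11 tcp 80
2024-03-27T08:00:05Z 10.20.1.6 10.20.5.11 tcp 502
2024-03-27T08:00:06Z 10.20.9.77 10.20.7.3 tcp 443
2024-03-27T08:00:09Z 10.20.1.5 10.20.5.11 tcp
""".splitlines()

if __name__ == "__main__":
    for n, reason, line in audit(SAMPLE):
        print(f"line {n}: {reason}: {line}")
```

Any finding other than an empty list means the segmentation or firewall policy is not being enforced for that flow, or that the drive's web server is still reachable.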