Rockwell Automation PowerFlex 6000T

Plan PatchCVSS 7.5ICS-CERT ICSA-24-284-19Oct 10, 2024

Rockwell AutomationEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A denial-of-service vulnerability exists in Rockwell Automation PowerFlex 6000T firmware versions 8.001, 8.002, and 9.001. An unauthenticated remote attacker can exploit this vulnerability to render the drive unavailable. The vulnerability is triggered through a network request and does not require user interaction or authentication. Successful exploitation could force affected drives offline and disrupt critical motor and process control operations. The vendor has released firmware version 10.001 to correct this issue.

What this means

What could happen

A remote attacker without credentials can cause the PowerFlex 6000T drive to become unavailable, potentially halting motor operations and process control in facilities relying on this equipment for power delivery or industrial processes.

Who's at risk

Energy sector operators, particularly utilities managing power distribution and motor-driven equipment, who deploy Rockwell Automation PowerFlex 6000T variable frequency drives. Any facility using these drives for critical motor control, pump operations, or industrial process equipment should prioritize assessment and remediation.

How it could be exploited

An attacker with network reachability to the PowerFlex 6000T can send a specially crafted request to trigger a denial-of-service condition, forcing the drive offline without authentication or user interaction required.

Prerequisites

Network reachability to the PowerFlex 6000T device
No authentication or credentials required
Device running affected firmware versions 8.001, 8.002, or 9.001

remotely exploitableno authentication requiredlow complexityaffects motor control and process availabilitydenial-of-service impact on critical equipment

Exploitability

Unlikely to be exploited — EPSS score 0.3%

Affected products (1)

ProductAffected VersionsFix Status

PowerFlex 6000T: 8.001|8.002|9.0018.001|8.002|9.00110.001

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to PowerFlex 6000T devices to only authorized engineering workstations and control systems; block direct internet access

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate PowerFlex 6000T firmware to version 10.001 or later

Long-term hardening

0/2

HARDENINGSegment PowerFlex drives onto isolated industrial networks behind firewalls, separate from business networks and internet-connected systems

HARDENINGIf remote access to PowerFlex devices is necessary, use a VPN with current security patches and strong authentication rather than direct network exposure

CVEs (1)

CVE-2024-9124

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0af6bc45-4f72-4511-b006-5dff7a2896dd

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.