OTPulse
FeedAboutContact

Rockwell Automation PowerFlex 6000T

Plan Patch7.5ICS-CERT ICSA-24-284-19Oct 10, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A denial-of-service vulnerability in Rockwell Automation PowerFlex 6000T variable frequency drives (firmware versions 8.001, 8.002, and 9.001) allows an unauthenticated remote attacker to crash or freeze the device by sending malicious network traffic. The affected versions have no security patch available; users must upgrade to version 10.001 or apply network-level mitigations.

What this means
What could happen
An attacker could send malicious network traffic to a PowerFlex 6000T drive to trigger a denial-of-service condition, halting motor operations until the device is manually restarted.
Who's at risk
Electric utilities and water authorities operating Rockwell Automation PowerFlex 6000T variable frequency drives (VFDs) that control motors for pumps, compressors, fans, or other critical equipment. Organizations in the energy sector using these drives for process or distribution operations.
How it could be exploited
An attacker on the network sends crafted packets to the PowerFlex 6000T on its control port (likely Ethernet). The drive crashes or stops responding to legitimate commands, interrupting any pumps, fans, or motors it controls. The attacker needs only network access to the device; no authentication is required.
Prerequisites
  • Network access to PowerFlex 6000T (likely port 502 or Ethernet control port)
  • Device is reachable from attacker's network position
  • No credentials required
remotely exploitableno authentication requiredlow complexityhigh impact on availabilityno patch available for versions 8.001, 8.002, 9.001 (upgrade path only)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
PowerFlex 6000T: 8.001|8.002|9.0018.001|8.002|9.00110.001
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDPlace firewall rules to restrict network access to PowerFlex 6000T to only engineering workstations and HMI systems that need to communicate with it
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate PowerFlex 6000T firmware to version 10.001 or later
Long-term hardening
0/2
HARDENINGSegment PowerFlex 6000T onto isolated control network, not accessible from business network or internet
HARDENINGIf remote access to the drive is needed, use VPN with current security patches and restrict VPN access to authorized personnel only
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/0af6bc45-4f72-4511-b006-5dff7a2896dd
Rockwell Automation PowerFlex 6000T | CVSS 7.5 - OTPulse