OTPulse
FeedAboutContact

Rockwell Automation PowerFlex 755

Plan Patch7.5ICS-CERT ICSA-25-056-01Feb 25, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

PowerFlex 755 drive software versions 16.002.279 and earlier contain an unencrypted transmission of sensitive data vulnerability (CWE-319). Successful exploitation could result in exposure of sensitive information. The vulnerability is not remotely exploitable.

What this means
What could happen
An attacker with network access to the PowerFlex 755 device could intercept and read sensitive data transmitted in plaintext, such as configuration parameters or operational information, without triggering alarms.
Who's at risk
Energy sector organizations operating Rockwell Automation PowerFlex 755 AC drives, particularly those used in motor control and industrial process automation. This affects any facility with PowerFlex 755 drives in version 16.002.279 or earlier that may transmit sensitive configuration or operational data over the network.
How it could be exploited
An attacker on the same network segment as the PowerFlex 755 would passively intercept unencrypted communications to the drive (e.g., via packet sniffing). This does not require authentication or active network probing, only network access to the same segment or a path the device communicates over.
Prerequisites
  • Network access to the same segment as PowerFlex 755 or to network traffic the device transmits over
  • No authentication or credentials required
No authentication requiredUnencrypted data transmissionSensitive configuration data exposure
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
PowerFlex 755: <=16.002.279≤ 16.002.27920.3.407
Remediation & Mitigation
0/5
Do now
0/2
HARDENINGIsolate PowerFlex 755 devices and the entire control system network behind firewalls; ensure they are not directly accessible from the internet
WORKAROUNDIf remote access is required, use VPNs or other secure tunneling methods; keep VPN software updated to the latest version
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate PowerFlex 755 software to version 20.3.407 or later
Long-term hardening
0/2
HARDENINGSegment the control system network from the business network using firewalls or air gaps
HARDENINGMonitor network traffic for suspected malicious activity and report findings to CISA
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/4b060853-a6bf-4ab6-b1e2-3f41e721a53c