CVE-2024-2427

{"id": "CVE-2024-2427", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-03-25T21:15:47.660", "references": [{"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html", "source": "PSIRT@rockwellautomation.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "PSIRT@rockwellautomation.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "\nA denial-of-service vulnerability exists in the Rockwell Automation PowerFlex\u00ae 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en Rockwell Automation PowerFlex\u00ae 527 debido a una limitaci\u00f3n inadecuada del tr\u00e1fico en el dispositivo. Si se env\u00edan varios paquetes de datos al dispositivo repetidamente, el dispositivo fallar\u00e1 y requerir\u00e1 un reinicio manual para recuperarse."}], "lastModified": "2024-03-26T12:55:05.010", "sourceIdentifier": "PSIRT@rockwellautomation.com"}