A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.
Fixes

Solution

* Update to v10.001 or later Mitigations and Workarounds Customers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.     * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight


Workaround

No workaround given by the vendor.

History

Mon, 22 Sep 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation powerflex 6000t
Rockwellautomation powerflex 6000t Firmware
CPEs cpe:2.3:h:rockwellautomation:powerflex_6000t:-:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:powerflex_6000t_firmware:8.001:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:powerflex_6000t_firmware:8.002:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:powerflex_6000t_firmware:9.001:*:*:*:*:*:*:*
Vendors & Products Rockwellautomation powerflex 6000t
Rockwellautomation powerflex 6000t Firmware
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 0.0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'}


Tue, 08 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Rockwellautomation
Rockwellautomation powerflex 600t
CPEs cpe:2.3:a:rockwellautomation:powerflex_600t:*:*:*:*:*:*:*:*
Vendors & Products Rockwellautomation
Rockwellautomation powerflex 600t
Metrics cvssV3_1

{'score': 0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 08 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Description A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests.
Title Rockwell Automation PowerFlex 6000T CIP Security denial-of-service Vulnerability
Weaknesses CWE-754
References
Metrics cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Rockwell

Published:

Updated: 2024-11-21T16:55:08.532Z

Reserved: 2024-09-23T20:07:02.816Z

Link: CVE-2024-9124

cve-icon Vulnrichment

Updated: 2024-10-08T18:56:53.659Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-08T17:15:56.390

Modified: 2025-09-22T18:34:28.750

Link: CVE-2024-9124

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.