Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Unprotected Private Key Allows Remote Hacking of Rockwell Controllers
#1
Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers (PLCs) made by industrial automation giant Rockwell Automation.
 
The vulnerability, tracked as CVE-2021-22681 with a CVSS score of 10, was independently reported to Rockwell by researchers at the Soonchunhyang University in South Korea, Kaspersky, and industrial cybersecurity firm Claroty.
 
Advisories for this flaw were published this week by the U.S. Cybersecurity and Infrastructure Security Agency ([color=var(--theme-link_a)]CISA) and [color=var(--theme-link_a)]Rockwell[/color] (account required). Claroty has also released a blog post with a [color=var(--theme-link_a)]high-level description[/color] of its findings.[/color]
 
The vulnerability impacts Studio 5000 Logix Designer (formerly RSLogix 5000), the popular design and configuration software for PLCs, as well as over a dozen CompactLogix, ControlLogix, DriveLogix, Compact GuardLogix, GuardLogix, and SoftLogix controllers.
 
The problem is related to the Logix Designer software using a private cryptographic key to verify communications with controllers. This key is not sufficiently protected, allowing a remote, unauthenticated attacker to bypass the verification mechanism and connect to the controller by mimicking an engineering workstation.
 
Once they have connected to the PLC, an attacker on the targeted organization’s network — or malware — can upload malicious code to the controller, download information from the device, or install new firmware. Claroty pointed out that exploitation of the vulnerability could directly impact a manufacturing process.
 
Claroty said it reported the issue to Rockwell back in 2019. It’s unclear when the others informed the vendor about the vulnerability.
 
Rockwell has advised customers to implement mitigations to reduce the risk of exploitation, including putting controllers into “Run mode,” deploying[color=var(--theme-link_a)] CIP Security to prevent unauthorized connections, and updating the controller firmware. It has also shared information for detecting potentially malicious changes and making general security improvements.[/color]


Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Secret backdoor discovered in Zyxel firewall and AP controllers mrtrout 1 1,177 01-03-2021 , 05:18 PM
Last Post: Mike
  Zerologon vulnerability threatens domain controllers mrtrout 0 1,016 09-18-2020 , 03:17 AM
Last Post: mrtrout
  Over 14 Million Verizon Customers' Data Exposed On Unprotected AWS Server LowcyGier 0 1,952 07-12-2017 , 09:11 PM
Last Post: LowcyGier
  Unprotected Database Exposes Details of 93.4 Million Mexican Voters baziroll 0 2,533 04-22-2016 , 10:39 PM
Last Post: baziroll



Users browsing this thread: 1 Guest(s)