Critical Failure in Rockwell PLCs
We will tell you about 2 new vulnerabilities discovered in Rockwell PLCs as well as in the engineering workstation software.
2 new vulnerabilities have been discovered in Rockwell PLCs as well as in the software of the engineering workstations that can be exploited to inject malicious code and inadvertently affect automation processes.
According to Claroty, the failure can affect industrial operations and cause damage in a similar way as Stuxnet did in its day:
“Process logics and predefined variables drive the automation process. A change in any of them can alter the normal operations of the PLCs and the processes it controls,” said Sharon Brizinow of Claroty.
The vulnerabilities have been classified as:
- CVE-2022-1161 (CVSS score: 10): A remotely exploitable failure allows an attacker to write to program code in a memory position separate from the compiled code (bytecode). The problem lies in the PLC firmware that runs on Rockwell’s ControlLogix, CompactLogix, and GuardLogix systems.
- CVE-2022-1159 (CVSS score: 7.7): An attacker with administrator access on the engineering workstation with Studio 5000 Logix Designer, can intercept the compilation process and inject code into the program transparently.
A successful exploitation of these weaknesses allows an attacker to modify the process logics and download malicious code to the PLCs and affect the operation, allowing anomalous commands to be sent to the physical devices that control these PLCs.
The result is that while the engineer thinks that the PLC has been programmed correctly, malicious code is actually being processed in the PLC.
News seen in The Hackers News
