web analytics

Rockwell Automation PLC Software Contains RCE Flaw – Source: www.databreachtoday.com

rockwell-automation-plc-software-contains-rce-flaw-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Governance & Risk Management
,
Operational Technology (OT)

Attackers Could Shut Down Operations Or Cause Physical Damage

Prajeet Nair (@prajeetspeaks) ,
David Perera (@daveperera) •
September 23, 2024    

Rockwell Automation PLC Software Contains RCE Flaw
Security researchers found a remote code execution flaw in Rockwell Automation PLC configuration software. (Image: Shutterstock)

A severe vulnerability in Rockwell Automation software used to configure programmable logic controllers could allow attackers to remotely execute malicious code.

See Also: The Vital Role of OT-Native Network Visibility and Security Monitoring Amid IT Frameworks

The flaw in Rockwell Automation-owned Allen-Bradley RSLogix 5 and RSLogix 500 software stems from insufficient verification of data that could allow attackers to perform remote code execution by injecting malicious code into project files, potentially compromising entire production systems.

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday said the flaw allows malicious actors to execute remote code by embedding Visual Basic for Applications scripts in project files, which are automatically executed on opening. The vulnerability was caused by insufficient verification of data authenticity.

The lack of data authenticity verification means attackers can trick legitimate users into running malicious scripts, leading to attackers having remote control over affected systems. Attackers could potentially shut down operations, modify processes or even cause physical damage by altering operational commands.

The vulnerability, tracked as CVE-2024-7847, is rated 8.8 on the CVSS v4 scale. CISA advised immediate patching. The flaw affects all versions of RSLogix 5 and RSLogix 500, as well as related products such as RSLogix Micro Developer and Starter.

“Rockwell PLCs are ubiquitous in the U.S. manufacturing industry from automotive plants to pharmaceutical plants to food and beverage plans,” said Larry O’Brien, vice president, research at Arc Advisory Group. The RSLogix 5 and RSLogix 500 software are an older generation of software used to configure PLCs, O’Brien said. Aging software and devices are highly common in manufacturing, where control systems are seen more as an industrial asset than an IT component needing constant attention.

“This is something I’d definitely want to address as soon as there’s an opportunity. Most likely, we can address it pretty soon because it’s the programing software” rather than the PLC itself that contains the flaw, he told Information Security Media Group.

Manufacturers are only likely to boot up PLC programming software when they need to make a change to automated processes on the factory floor. Still, patching can be easier said than done, since most manufacturers have a diverse install base of automation products, O’Brien said.

Original Post url: https://www.databreachtoday.com/rockwell-automation-plc-software-contains-rce-flaw-a-26346

Category & Tags: –

Views: 3

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Joas Antonio
ChatGPT for Cybersecurity by Joas Antonio dos Santos – malwareanalysis #reverseengineering
ChatGPT for Cybersecurity by Joas...
CISO2CISO Notepad Series
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
How Can We Structure Cybersecurity...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

ACN
Guidelines for secure AI system development
Guidelines for secure AI system...
Incibe
Ciberseguridad en Smart Toys
Ciberseguridad en Smart Toys
Flashpoint
Global Threat Intelligence Report
Global Threat Intelligence Report
HSBC
A new payments paradigm
A new payments paradigm
WORLD BANK GROUP
Global Cybersecurity Capacity Program
Global Cybersecurity Capacity Program
Gary Hinson
Getting started withsecurity metrics
Getting started withsecurity metrics
EDPS
Generative AI and the EUDPR.
Generative AI and the EUDPR.
Bright
2024 Guide to Application Security Testing Tools
2024 Guide to Application Security...
HADESS
Hacker Culture
Hacker Culture
Quuensland Govermment
RISK ASSESSMENT PROCESS HANDBOOK
RISK ASSESSMENT PROCESS HANDBOOK
Ministry of MOS Security
HIPAA SIMPLIFIED
HIPAA SIMPLIFIED
Hacker Combat
How Are Passwords Cracked?
How Are Passwords Cracked?

More Latest Published Posts

IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos
INNOVERY
RESILIENCIA
RESILIENCIA
CEH
Certifications Preparation Guide
Certifications Preparation Guide
Sandhya Kaushik
Checklist for Securing Your Android Apps
Checklist for Securing Your Android Apps
aDvens
May Cyber Threat Intelligence monthly report
May Cyber Threat Intelligence monthly report
Insikt Group
Caught in the Net
Caught in the Net
IGNITE Technologies
BURP SUITE FOR PENTESTER TURBO INTRUDER
BURP SUITE FOR PENTESTER TURBO INTRUDER
SYED ABUTHAHIR
BUG BOUNTY AUTOMATION WITH PYTHON
BUG BOUNTY AUTOMATION WITH PYTHON
Foresiet
Brand Impersonation Attacks
Brand Impersonation Attacks
Google Cloud
Board of Directors Handbook for Cloud Risk Governance
Board of Directors Handbook for Cloud Risk Governance
ISACA
Blueprint for Ransomware Defense
Blueprint for Ransomware Defense
Shaurya Rawal
Blockchain Security
Blockchain Security
RISK academy
BEST RISK MANAGEMENT PROMPTS FOR CHATGPT
BEST RISK MANAGEMENT PROMPTS FOR CHATGPT
IGNITE Technologies
Best Alternative of Netcat
Best Alternative of Netcat
aws
AWS Security Incident Response Guide
AWS Security Incident Response Guide
DevSecOps Guide
Attacking Rust
Attacking Rust
DevSecOps Guide
Attacking Pipeline
Attacking Pipeline
DevSecOps Guide
Attacking Golang
Attacking Golang
HADESS
Assembly for Hackers
Assembly for Hackers
BIONIC
Application Security Posture Management
Application Security Posture Management
Wallarm
API ThreatStatsTM Report
API ThreatStatsTM Report