Critical RCE Bug in Rockwell Automation PLCs Zaps Industrial Sites

  /     /     /  
Publicated : 23/11/2024   Category : security


Critical RCE Bug in Rockwell Automation PLCs Zaps Industrial Sites


Rockwell Automation and CISA warn of security vulnerabilities that affect power plants, factories, and other critical infrastructure sites.



Two vulnerabilities in industrial programmable logic controllers (PLCs) from
Rockwell Automation
threaten critical infrastructure and industrial environments with disruption.
Both of these vulnerabilities are located in the communication modules of the PLCs that are used to physically control operational technology equipment, and are capable of being triggered through malicious common industrial protocol (CIP) messages.
The first is a critical bug, CVE-2023-3595 (CVSS score of 9.8 out of 10), that allows for threat actors to utilize firmware memory, carry out remote code execution (RCE) with persistence, and modify, deny, or even withdraw data that flows through the PLC, thus affecting equipment performance. The second, CVE-2023-3596 (CVSS 7.5), can be used to trigger a denial-of-service (DoS) condition that would render the device inoperable.
Its also possible for cyberattackers to plant themselves inside a PLC and lurk undetected until they choose to carry out an attack. In both cases, there exists the potential to corrupt the information used for incident response and recovery,
said experts at Dragos
. The attacker could potentially overwrite any part of the system to hide themselves and stay persistent, or the interfaces used to collect incident response or forensics information could be intercepted by malware to avoid detection.
The now-vulnerable communications modules are used by various organizations in different industries, including energy and transportation — and organizations should apply patches as soon as possible. Rockwell has provided patches for all products that have been affected, even hardware that has been out of support.
Users can find a list of the products that have been affected in
CISA
and
Rockwell Automation
advisories, along with advice for mitigation and detection.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Critical RCE Bug in Rockwell Automation PLCs Zaps Industrial Sites