Register now for better personalized quote!

The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities

Apr, 01, 2022 Hi-network.com

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on severe vulnerabilities impacting Rockwell Automation controllers.

Rockwell Automation provides industrial digital and automation solutions, including digital twin solutions, engineering products, and factory floor optimization hardware.

Recommends

The best security key

While robust passwords help you secure your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read now

On March 31, CISA pointed customers to two recent advisories, "ICSA-22-090-05: Rockwell Automation Logix Controllers" and "ICSA-22-090-07: Rockwell Automation Studio 5000 Logix Designer," which detail severe vulnerabilities in controller products.

The first advisory describes CVE-2022-1161, a vulnerability assigned a CVSS severity score of 10.0, the highest possible. The bug impacts a range of CompactLogix, Compact GuardLogix, ControlLogix, FlexLogix, DriveLogix, and SoftLogix controllers.

According to the advisory, the vulnerability can be triggered remotely with low attack complexity.

"Successful exploitation of this vulnerability may allow an attacker to modify user programs," the US agency says. "A user could then unknowingly download those modified elements containing malicious code."

The second bug, tracked as CVE-2022-1159 and issued a CVSS 'high' severity score of 7.7, impacts Studio 5000 Logix Designer in ControlLogix, GuardLogix, and Compact GuardLogix controllers.

This vulnerability requires an attacker to secure administrator access on a workstation running Studio 5000 Logix Designer first, but if they achieve this, they can inject controller code "undetectable to a user."

The vulnerabilities were reported by Claroty cybersecurity researchers Sharon Brizinov and Tal Keren.

Claroty has compared the exploitation of these security issues to Stuxnet, as stealthy code could be operating without an engineer being aware of any tampering.

"Successful stealthy exploits of programmable logic controllers (PLCs) are among the rarest, most time-consuming, and investment-heavy attacks," the team commented. "Stuxnet's authors established the playbook for hacking PLCs by figuring out how to conceal malicious bytecode running on a PLC while the engineer programming the controller sees only normalcy on their engineering workstation. Without advanced forensics utilities, the execution of such malicious code cannot be discovered."

Rockwell has published advisories (1,2) on the vulnerabilities with steps toward mitigation. 

Earlier this week, the US agency added a further 66 vulnerabilities to the Known Exploited Vulnerabilities Catalog federal agencies are instructed to remediate. The bugs currently under active exploitation in the wild include issues in networking kits, security appliances, and browsers.

In February, CISA published an online guide containing free guidance and tools on incident response. The service also includes tips for organizations looking to reduce their risk exposure. 

See also

  • CISA: Here are 66 more security flaws actively being used by hackers - so get patching
  • CISA publishes guide with free cybersecurity tools, resources for incident response
  • CISA and FBI warning: Hackers used these tricks to dodge multi-factor authentication and steal email from NGO

Have a tip?Get in touch securely via WhatsApp Signal at +447713 025 499, or over at Keybase: charlie0


Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Hot Tags : Tech Security

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.