Security News > 2021 > February > Unprotected Private Key Allows Remote Hacking of Rockwell Controllers
Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers made by industrial automation giant Rockwell Automation.
The vulnerability, tracked as CVE-2021-22681 with a CVSS score of 10, was independently reported to Rockwell by researchers at the Soonchunhyang University in South Korea, Kaspersky, and industrial cybersecurity firm Claroty.
The vulnerability impacts Studio 5000 Logix Designer, the popular design and configuration software for PLCs, as well as over a dozen CompactLogix, ControlLogix, DriveLogix, Compact GuardLogix, GuardLogix, and SoftLogix controllers.
The problem is related to the Logix Designer software using a private cryptographic key to verify communications with controllers.
This key is not sufficiently protected, allowing a remote, unauthenticated attacker to bypass the verification mechanism and connect to the controller by mimicking an engineering workstation.
Rockwell has advised customers to implement mitigations to reduce the risk of exploitation, including putting controllers into "Run mode," deploying CIP Security to prevent unauthorized connections, and updating the controller firmware.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-03 | CVE-2021-22681 | Insufficiently Protected Credentials vulnerability in Rockwellautomation products Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. | 7.5 |