Security News > 2021 > April > Vulnerabilities in ICS-specific backup solution open industrial facilities to attack
Claroty researchers have found and privately disclosed nine vulnerabilities affecting Rockwell Automation's FactoryTalk AssetCentre, an ICS-specific backup solution.
Rockwell Automation's FactoryTalk AssetCentre is a centralized tool for securing, managing, versioning, tracking and reporting automation-related asset information across industrial facilities.
The AssetCentre solution is comprised of a main server, an MS-SQL server database, clients, and remote software agents running on engineering workstations.
"Operators can perform backup and restore, and version control functions from AssetCentre for all PLCs running on a factory floor, for example," the researchers explained.
"ICS-specific backup solutions such as FactoryTalk AssetCentre are key elements that enable quick disaster recovery in the event of, for example, a targeted ransomware attack. In industries where downtime is unacceptable, and especially where public safety may be impacted, organizations must have a reliable backup available."
Three of the discovered flaws are deserialization vulnerabilities that may allow an unauthenticated attacker to remotely execute arbitrary code in FactoryTalk AssetCentre, and one is a similar flaw that may allow an unauthenticated local attacker to gain full access to the FactoryTalk AssetCentre main server and agent machines and remotely execute code.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/_RuPIUErP2w/
Related news
- Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack (source)
- GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks (source)
- CISA tags NAKIVO backup flaw as actively exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)