Security News > 2022 > April > Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code

Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code
2022-04-01 05:31

Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes.

CVE-2022-1161 - A remotely exploitable flaw that allows a malicious actor to write user-readable "Textual" program code to a separate memory location from the executed compiled code.

The issue resides in PLC firmware running on Rockwell's ControlLogix, CompactLogix, and GuardLogix control systems.

CVE-2022-1159 - An attacker with administrative access to a workstation running Studio 5000 Logix Designer application can intercept the compilation process and inject code into the user program without the user's knowledge.

Successful exploitation of the defects could allow an attacker to modify user programs and download malicious code to the controller, effectively altering the PLC's normal operation and allowing rogue commands to be sent to the physical devices controlled by the industrial system.

"The end result of exploiting both vulnerabilities is the same: The engineer believes that benign code is running on the PLC; meanwhile, completely different and potentially malicious code is being executed on the PLC," Brizinov explained.


News URL

https://thehackernews.com/2022/04/critical-bugs-in-rockwell-plc-could.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-04-11 CVE-2022-1161 Unspecified vulnerability in Rockwellautomation products
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems.
network
low complexity
rockwellautomation
critical
9.8
2022-04-01 CVE-2022-1159 Code Injection vulnerability in Rockwellautomation products
Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user.
network
low complexity
rockwellautomation CWE-94
7.2