Security News > 2022 > April > Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code
Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes.
CVE-2022-1161 - A remotely exploitable flaw that allows a malicious actor to write user-readable "Textual" program code to a separate memory location from the executed compiled code.
The issue resides in PLC firmware running on Rockwell's ControlLogix, CompactLogix, and GuardLogix control systems.
CVE-2022-1159 - An attacker with administrative access to a workstation running Studio 5000 Logix Designer application can intercept the compilation process and inject code into the user program without the user's knowledge.
Successful exploitation of the defects could allow an attacker to modify user programs and download malicious code to the controller, effectively altering the PLC's normal operation and allowing rogue commands to be sent to the physical devices controlled by the industrial system.
"The end result of exploiting both vulnerabilities is the same: The engineer believes that benign code is running on the PLC; meanwhile, completely different and potentially malicious code is being executed on the PLC," Brizinov explained.
News URL
https://thehackernews.com/2022/04/critical-bugs-in-rockwell-plc-could.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-11 | CVE-2022-1161 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Rockwellautomation products An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. | 9.8 |
2022-04-01 | CVE-2022-1159 | Code Injection vulnerability in Rockwellautomation products Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | 7.2 |