Security News > 2022 > April > Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code

Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes.

CVE-2022-1161 - A remotely exploitable flaw that allows a malicious actor to write user-readable "Textual" program code to a separate memory location from the executed compiled code.

The issue resides in PLC firmware running on Rockwell's ControlLogix, CompactLogix, and GuardLogix control systems.

CVE-2022-1159 - An attacker with administrative access to a workstation running Studio 5000 Logix Designer application can intercept the compilation process and inject code into the user program without the user's knowledge.

Successful exploitation of the defects could allow an attacker to modify user programs and download malicious code to the controller, effectively altering the PLC's normal operation and allowing rogue commands to be sent to the physical devices controlled by the industrial system.

"The end result of exploiting both vulnerabilities is the same: The engineer believes that benign code is running on the PLC; meanwhile, completely different and potentially malicious code is being executed on the PLC," Brizinov explained.

News URL

https://thehackernews.com/2022/04/critical-bugs-in-rockwell-plc-could.html