Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks
2023-07-13 09:00

The U.S. Cybersecurity and Infrastructure Security Agency has warned of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP communication module models that could be exploited to achieve remote code execution and denial of service.

"The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration, but they could lead to denial or loss of control, denial or loss of view, theft of operational data, or manipulation of control for disruptive or destructive consequences on the industrial process for which the ControlLogix system is responsible," Dragos said.

"Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access to the running memory of the module and perform malicious activity," CISA said.

Even worse, the flaws could be abused to potentially overwrite any part of the system to fly under the radar and stay persistent, not to mention render the module untrustworthy.

TRISIS, also known as TRITON, is an industrial control systems malware that has been previously observed targeting Schneider Electric's Triconex safety instrumented system controllers used in oil and gas facilities.

"In addition to the compromise of the vulnerable module itself, the vulnerability could also allow an attacker to affect the industrial process along with the underlying critical infrastructure, which may result in possible disruption or destruction," Tenable researcher Satnam Narang said of CVE-2023-3595.


News URL

https://thehackernews.com/2023/07/rockwell-automation-controllogix-bugs.html

Related Vulnerability

Date: 2023-07-12
CVE: CVE-2023-3595
Vulnerability title: Out-of-bounds Write vulnerability in Rockwellautomation products
Description: Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages.
Attack vector: network
Attack complexity: low complexity
Vendor: rockwellautomation
CWE: CWE-787
Risk: critical, 9.8