Unnamed APT eyes vulnerabilities in Rockwell Automation industrial controllers (CVE-2023-3595, CVE-2023-3596)
Rockwell Automation has fixed two vulnerabilities in the communication modules of its ControlLogix industrial programmable logic controllers, ahead of expected in-the-wild exploitation.
"An unreleased exploit capability leveraging these vulnerabilities is associated with an unnamed APT group," industrial cybersecurity company Dragos said on Wednesday.
"The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration, but they could lead to denial or loss of control, denial or loss of view, theft of operational data, or manipulation of control for disruptive or destructive consequences on the industrial process for which the ControlLogix system is responsible," Dragos experts pointed out.
A complete list of affected products can be found in the advisories published by the Cybersecurity and Infrastructure Security Agency (CISA) and Rockwell Automation.
"Rockwell Automation has provided patches for all affected products, including hardware series that were out of support," the Dragos experts noted.
"Knowing about an APT-owned vulnerability before exploitation is a rare opportunity for proactive defense for critical industrial sectors. The type of access provided by CVE-2023-3595 is similar to the zero-day employed by XENOTIME in the TRISIS attack. Both allow for arbitrary firmware memory manipulation, though CVE-2023-3595 targets a communication module responsible for handling network commands. However, their impact is the same," they added.
News URL
https://www.helpnetsecurity.com/2023/07/13/cve-2023-3595-cve-2023-3596/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK (CVSS score) |
---|---|---|---|
2023-07-12 | CVE-2023-3595 | Out-of-bounds write vulnerability in Rockwell Automation products. Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. | 9.8 |
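The exploit itself is unreleased, so there is no signature to match; what a defender can do today is confirm that the only hosts sending CIP service requests to the 1756 EN2*/EN3* communication modules are the engineering workstations expected to do so. The script below is an added example (not Dragos, CISA or Rockwell Automation code) that runs that check over a constructed flow log: it parses one flow per line, keeps explicit-messaging sessions (TCP/44818, the EtherNet/IP port that carries CIP requests to the module) whose destination is a communication module, and flags those whose source is outside an approved client range. The module addresses, the approved workstation subnet and the log format are assumptions chosen for illustration.

```python
"""Flag EtherNet/IP (CIP) sessions to ControlLogix communication modules
from hosts that are not approved engineering workstations.

Added example, not vendor or Dragos code. Addresses and log format are
assumptions for illustration only.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable

# EtherNet/IP explicit messaging (CIP requests over TCP) listens on 44818.
ENIP_PORT = 44818


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow_line(line: str) -> Flow:
    """Parse one constructed flow-log line of the form ts,src,dst,dport,proto."""
    ts, src, dst, dport, proto = (field.strip() for field in line.split(","))
    return Flow(ts, src, dst, int(dport), proto.lower())


# Constructed sample flow log (hypothetical addresses, not real telemetry).
SAMPLE_LOG = """\
2023-07-12T09:14:02Z,10.10.5.21,10.10.7.10,44818,tcp
2023-07-12T09:14:05Z,10.10.5.21,10.10.7.11,44818,tcp
2023-07-12T09:15:40Z,10.10.9.77,10.10.7.10,44818,tcp
2023-07-12T09:15:41Z,10.10.9.77,10.10.7.10,2222,udp
2023-07-12T09:16:03Z,10.10.5.21,10.10.7.10,443,tcp
"""

# Assumed inventory: addresses of the 1756 EN2*/EN3* communication modules.
COMM_MODULES = {"10.10.7.10", "10.10.7.11"}

# Assumed allowlist: the only subnet whose hosts may send CIP to those modules.
APPROVED_CIP_CLIENTS = [ip_network("10.10.5.0/24")]


def is_approved(src: str) -> bool:
    """True if the source address falls inside an approved client range."""
    addr = ip_address(src)
    return any(addr in net for net in APPROVED_CIP_CLIENTS)


def flag_unexpected_cip(flows: Iterable[Flow]) -> list[Flow]:
    """Return CIP explicit-messaging sessions to a comm module from an
    unapproved client. Only TCP/44818 is considered: that is the channel
    that carries crafted CIP service requests to the module itself."""
    return [
        f for f in flows
        if f.dst in COMM_MODULES
        and f.dport == ENIP_PORT
        and f.proto == "tcp"
        and not is_approved(f.src)
    ]


def alerts_from_log(text: str) -> list[Flow]:
    """Parse a flow log and return the flows that should raise an alert."""
    flows = [parse_flow_line(line) for line in text.splitlines() if line.strip()]
    return flag_unexpected_cip(flows)


if __name__ == "__main__":
    for f in alerts_from_log(SAMPLE_LOG):
        print(f"ALERT {f.ts}: CIP to module {f.dst} from unapproved host {f.src}")
```

On the constructed log only the 10.10.9.77 session to 10.10.7.10 is flagged: the UDP/2222 flow from the same host is implicit I/O rather than a CIP request and is ignored, and the TCP/443 flow is not CIP at all. The check is a segmentation control, not exploit detection; it tells you that a host outside the engineering subnet reached the module's CIP service, which is a precondition for sending it the crafted messages the advisory describes, and is worth an alert regardless of what those messages contained.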