Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

2024-08-05 06:07

A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol programming and configuration commands.

"A vulnerability exists in the affected products that allows a threat actor to bypass the Trusted Slot feature in a ControlLogix controller," the U.S. Cybersecurity and Infrastructure Security Agency said in an advisory.

Operational technology security company Claroty, which discovered and reported the vulnerability, said it developed a technique that made it possible to bypass the trusted slot feature and send malicious commands to the programming logic controller CPU. The trusted slot feature "Enforces security policies and allows the controller to deny communication via untrusted paths on the local chassis," security researcher Sharon Brizinov said.

"The vulnerability we found, before it was fixed, allowed an attacker to jump between local backplane slots within a 1756 chassis using CIP routing, traversing the security boundary meant to protect the CPU from untrusted cards."

While a successful exploit requires network access to the device, an attacker could take advantage of the flaw to send elevated commands, including downloading arbitrary logic to the PLC CPU, even if the attacker is located behind an untrusted network card.

"This vulnerability had the potential to expose critical control systems to unauthorized access over the CIP protocol that originated from untrusted chassis slots," Brizinov said.

News URL

https://thehackernews.com/2024/08/critical-flaw-in-rockwell-automation.html

#automation #critical #rockwell