The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities | ZDNet

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on severe vulnerabilities impacting Rockwell Automation controllers.

Rockwell Automation provides industrial digital and automation solutions, including digital twin solutions, engineering products, and factory floor optimization hardware.

On March 31, CISA pointed customers to two recent advisories, “ICSA-22-090-05: Rockwell Automation Logix Controllers,” and “ICSA-22-090-07: Rockwell Automation Studio 5000 Logix Designer,” which detail severe vulnerabilities in controller products.

The first advisory describes CVE-2022-1161, a vulnerability assigned a CVSS severity score of 10.0, the highest possible. The bug impacts a range of CompactLogix, Compact GuardLogix, ControlLogix, FlexLogix, DriveLogix, and SoftLogix controllers.

According to the advisory, the vulnerability can be triggered remotely with low attack complexity.

“Successful exploitation of this vulnerability may allow an attacker to modify user programs,” the US agency says. “A user could then unknowingly download those modified elements containing malicious code.”

The second bug, tracked as CVE-2022-1159 and issued a CVSS ‘high’ severity score of 7.7, impacts Studio 5000 Logix Designer in ControlLogix, GuardLogix, and Compact GuardLogix controllers.

This vulnerability requires an attacker to secure administrator access on a workstation running Studio 5000 Logix Designer first, but if they achieve this, they can inject controller code “undetectable to a user.”

The vulnerabilities were reported by Claroty cybersecurity researchers Sharon Brizinov and Tal Keren.

Claroty has compared the exploitation of these security issues to Stuxnet, as stealthy code could be operating without an engineer being aware of any tampering.

“Successful stealthy exploits of programmable logic controllers (PLCs) are among the rarest, most time-consuming, and investment-heavy attacks,” the team commented. “Stuxnet’s authors established the playbook for hacking PLCs by figuring out how to conceal malicious bytecode running on a PLC while the engineer programming the controller sees only normalcy on their engineering workstation. Without advanced forensics utilities, the execution of such malicious code cannot be discovered.”

Rockwell has published advisories on the vulnerabilities with steps toward mitigation.

Earlier this week, the US agency added a further 66 vulnerabilities to the Known Exploited Vulnerabilities Catalog, which federal agencies are instructed to remediate. The bugs, currently under active exploitation in the wild, include issues in networking kit, security appliances, and browsers.

In February, CISA published an online guide containing free guidance and tools on incident response. The service also includes tips for organizations looking to reduce their risk exposure. 
