A critical authentication bypass vulnerability, tracked as CVE-2021-22681, can be exploited by remote attackers to compromise programmable logic controllers (PLCs) manufactured by Rockwell Automation.
The vulnerability was independently reported to Rockwell by researchers at the Soonchunhyang University in South Korea, Claroty, and Kaspersky.
“Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to bypass the verification mechanism and connect with Logix controllers.” reads the advisory published by CISA. “Additionally, this vulnerability could enable an unauthorized third-party tool to alter the controller’s configuration and/or application code.”
The CVE-2021-22681 flaw has received a CVSS score of 10, it affects the following products:
Rockwell software versions:
Rockwell Logix Controllers:
The issue resides in the Logix Designer software that uses a poorly protected private cryptographic key to verify communications with controllers.
“This key is not sufficiently protected, allowing a remote, unauthenticated attacker to bypass the verification mechanism and connect to the controller by mimicking an engineering workstation.” reads the post published by Claroty. “An attacker who is able to extract the secret key would be able to authenticate to any Rockwell Logix controller.”
The secret keys are used to digitally sign all communication with the Rockwell PLCs, then PLCs verify the signature and authenticate the company engineering software. An attacker that obtained the key impersonate the engineering software and control the PLC.
Claroty privately reported the vulnerability to Rockwell in 2019.
Rockwell provided a list of risk mitigation and recommended user actions for its projects.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, PLC)
[adrotate banner=”5″]
[adrotate banner=”13″]
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
This website uses cookies.