Rockwell Working on Vulnerability Fixes

Monday, August 17, 2015 @ 01:08 PM gHale


There is a public report of a cross-site scripting vulnerability, with proof-of-concept (PoC) exploit code, affecting the web interface of Rockwell Automation 1769-L18ER/A LOGIX5318ER devices, according to a report on ICS-CERT.

This is a programmable logic controller (PLC) used for automation in industrial processes. According to this report, the vulnerability is exploitable through the web interface of the impacted devices.

The report was released without coordination with either the vendor or ICS-CERT.

ICS-CERT notified the affected vendor of the report and asked the vendor to confirm the vulnerability and identify mitigations.

ICS-CERT issued an alert to provide early notice of the report and identify baseline mitigations for reducing risks.

The report included vulnerability details and PoC exploit code for a remotely exploitable cross-site scripting (XSS) vulnerability that could possibly lead to remote code execution.

ICS-CERT is currently coordinating with the vendor and security researcher to identify mitigations.

In addition, there is a remote file inclusion vulnerability with PoC exploit code affecting the Rockwell 1766-L32BWAA/1766-L32BXBA web interfaces. This is a programmable logic controller (PLC) used for automation in industrial processes. According to this report, the vulnerability is exploitable through the web interface. The report was released without coordination with either the vendor or ICS-CERT.

The report included vulnerability details and PoC exploit code for a remotely exploitable remote file inclusion vulnerability that could possibly lead to remote code execution or a denial of service.

ICS-CERT had already notified Rockwell Automation of the vulnerability in these controllers.

Rockwell Automation suggests these mitigating measures:
• Use trusted software, software patches, antivirus/antimalware programs and interact only with trusted web sites and attachments
• Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack
• Subscribe to the Rockwell Security Advisory Index, Knowledgebase article KB:54102


