Rockwell Working on PowerMonitor 1000 Fix

Tuesday, February 19, 2019 @ 05:02 PM gHale

Rockwell Automation is working on mitigations to fix cross-site scripting and authentication bypass vulnerabilities in its Allen-Bradley PowerMonitor 1000, according to a report with NCCIC.

Successful exploitation of these remotely exploitable vulnerabilities could allow a remote attacker to affect the confidentiality, integrity, and availability of the device. Public exploits are available. On top of that, an attacker with low skill level could leverage the vulnerabilities.

RELATED STORIES
Horner Clears Cscape Vulnerability
Delta Fixes it Industrial Automation CNCSoft
Intel Has Fix for Data Center Manager SDK Holes
Pangea Patches Bypass Vulnerability

A monitoring platform, all versions of PowerMonitor 1000 suffer from the issues, discovered by Luca Chiou of ACSI.

In one vulnerability, a remote attacker could inject arbitrary code into a targeted user’s web browser to gain access to the affected device.

CVE-2019-19615 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.1.

In addition, a remote attacker may be able to use a proxy to enable functionality typically available to those with administrative rights for the web application, allowing the attacker to bypass authentication. Once bypassed, the attacker could disrupt user settings and device configuration.

CVE-2019-19616 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The product sees use mainly in the energy sector. It also sees action on a global basis.

Rockwell Automation is currently working on mitigations and reports CheckPoint Software Technologies has released IPS rules to detect attempts to exploit CVE-2019-19615.

For more information, Rockwell Automation released a security notification (login required).



Leave a Reply

You must be logged in to post a comment.