Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks
"The vulnerability, related to an insufficiently protected cryptographic key, could allow a remote, unauthenticated attacker to bypass verification and connect to a targeted controller by mimicking an engineering workstation. In a real-world industrial environment, the vulnerability could allow remote attackers to manipulate PLC logic and disrupt manufacturing processes, or even cause physical damage to equipment."
"CISA added the flaw, tracked as CVE-2021-22681, to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, instructing federal agencies to address it by March 26. The security hole affects the Studio 5000 Logix Designer software and several Logix programmable logic controllers (PLCs), including CompactLogix, ControlLogix, DriveLogix, FlexLogix, GuardLogix, and SoftLogix devices."
"CVE-2021-22681 was disclosed in February 2021, when the vendor announced mitigations and credited Soonchunhyang University in South Korea, Kaspersky, and Claroty for reporting it. Claroty said at the time that it had reported the issue to Rockwell in 2019."
CVE-2021-22681, a vulnerability in Rockwell Automation's Studio 5000 Logix Designer software and multiple Logix programmable logic controllers, involves an insufficiently protected cryptographic key. Disclosed in February 2021, the flaw allows remote, unauthenticated attackers to bypass verification and connect to controllers by mimicking engineering workstations. Recent in-the-wild exploitation prompted CISA to add it to its Known Exploited Vulnerabilities catalog. The vulnerability poses significant industrial risks, potentially enabling attackers to manipulate PLC logic, disrupt manufacturing processes, and cause physical equipment damage. Approximately 6,000 Rockwell devices are exposed to the internet, though the exact number affected remains unclear.
Read at SecurityWeek