Rockwell Automation Patches Password Encryption Flaw in HMI Product

Rockwell Automation has released a patch to address a vulnerability in one of the company’s human-machine interface (HMI) products that can be exploited by malicious actors to obtain user-defined passwords.

According to an advisory published by ICS-CERT on Wednesday, the security flaw affects RSView32, an integrated, component-based HMI solution designed for monitoring and controlling automation machines and processes. Researchers of the Russia-based security firm Ural Security System Center (USSC) have been credited for finding and reporting the vulnerability to Rockwell.

The usernames and passwords set by users for RSView32 are stored in a file. The problem is that the encryption algorithms used to protect these credentials are outdated, allowing attackers to gain access to the information by decrypting the file.
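The following is an added example, not code from Rockwell or RSView32, illustrating the distinction the advisory draws: a credential file protected by a reversible transform whose key ships with the product is recoverable by anyone who obtains the file, whereas a store built on a salted, iterated hash supports only verification. The "legacy" scheme here is a constructed stand-in (repeating-key XOR with a made-up static key) and makes no claim about the algorithm RSView32 actually used; the record format, iteration count and function names are likewise assumptions for the example.

```python
"""Added example (not RSView32 or Rockwell code): reversible credential
storage versus a verification-only, salted PBKDF2 store, plus the
migration step an application would run after fixing the scheme."""

import hashlib
import hmac
import secrets

# --- Constructed legacy scheme: reversible transform with a fixed, bundled key ---
LEGACY_KEY = b"example-static-key"  # constructed; a key shipped inside the product is the weakness


def legacy_protect(plaintext: bytes, key: bytes = LEGACY_KEY) -> bytes:
    """Repeating-key XOR stands in for any outdated reversible cipher."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(plaintext))


def legacy_recover(ciphertext: bytes, key: bytes = LEGACY_KEY) -> bytes:
    """The product must reverse the transform at login, so the stored
    values are plaintext-equivalent to anyone holding the file and key."""
    return legacy_protect(ciphertext, key)


# --- Hardened store: salted PBKDF2-HMAC-SHA256, verification only ---
PBKDF2_ITERATIONS = 200_000  # example value; follow current guidance in production
RECORD_ALGORITHM = "pbkdf2_sha256"


def make_record(password: str) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex.
    A fresh random salt means equal passwords yield different records."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{RECORD_ALGORITHM}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_record(record: str, candidate: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time.
    Malformed or unknown-algorithm records are rejected rather than guessed at."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != RECORD_ALGORITHM:
        return False
    _, iterations, salt_hex, digest_hex = parts
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def migrate_legacy(entries: dict[str, bytes]) -> dict[str, str]:
    """One-time migration: the application (which legitimately holds the key)
    recovers each legacy value and replaces it with a hashed record. After
    this step the file no longer contains anything that can be turned back
    into a password."""
    return {user: make_record(legacy_recover(blob).decode()) for user, blob in entries.items()}


if __name__ == "__main__":
    # Constructed sample credential file: one operator account.
    legacy_file = {"operator": legacy_protect(b"Op3rator!")}
    print("legacy value recoverable:", legacy_recover(legacy_file["operator"]))
    hardened = migrate_legacy(legacy_file)
    print("hardened record:", hardened["operator"])
    print("verify correct password:", verify_record(hardened["operator"], "Op3rator!"))
    print("verify wrong password:", verify_record(hardened["operator"], "op3rator!"))
```

The point of `migrate_legacy` is that a fix of this kind is not just a new cipher: the stored values must be rewritten so that the file holds only verifiers, after which possession of the file yields nothing that logs in directly.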

ICS-CERT has pointed out that the vulnerability cannot be exploited remotely and that exploitation requires user interaction.

“This exploit requires an attacker gaining local access to the specific file storing passwords local to the RSView32 product. This involves local or remote access, reverse-engineering, and some form of successful social-engineering,” ICS-CERT noted in its advisory.

The vulnerability, for which the CVE-2015-1010 identifier has been assigned, affects RSView32 version 7.60.00 (CPR9 SR4) and prior. Rockwell has released a patch to mitigate the risk associated with the flaw.

In addition to applying the patch, Rockwell advises customers to limit access to the product to authorized personnel, use Microsoft AppLocker or another application whitelisting tool to mitigate risk, and maintain layered physical and logical security. Security training for employees, downloading patches only from trusted sources, and establishing a staged patch management and product upgrade strategy are also recommended.

Rockwell advises customers to migrate from RSView32 to FactoryTalk View Site Edition (SE), an HMI product which, according to the company, provides unprecedented levels of control and information access.

Users who want to continue to use RSView32 should upgrade the operating system on which the product runs to a compatible version that is as current as possible and still supported by the developer. Since RSView32 is designed for Microsoft Windows environments, this piece of advice likely refers to upgrading from Windows XP, which is no longer supported by Microsoft.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
