Critical Flaw Allows Hackers to Take Control of PowerFlex AC Drives

Rockwell Automation’s Allen Bradley PowerFlex 525 AC drives are affected by a critical denial-of-service (DoS) vulnerability that allows hackers to take control of devices.

PowerFlex 525 AC drives are designed for controlling electrical motors. Unlike traditional drives, these devices offer advanced features, such as embedded Ethernet/IP communications and USB programming. Rockwell Automation says the product is ideal for conveyors, pumps, fans and mixers.

Nicolas Merle, a researcher at industrial cybersecurity firm Applied Risk, discovered that the PowerFlex 525 drive is affected by a serious DoS flaw that can be exploited to disrupt the configuration and control software associated with the device by sending it specially crafted UDP packets that cause the Common Industrial Protocol (CIP) network stack to crash.

Exploitation causes the software to disconnect from the device and locks legitimate users out, but an attacker can continue sending commands to the system. A hacker could, among other things, change the speed of the drive or send it start/stop commands, Merle told SecurityWeek.

The only way for victims to regain access to the device is to perform a power reset.

“The bug corrupts the CIP daemon in such a way that some values returned by the device are corrupted. It also prevents any new connection from being established with the device,” Merle explained. “One of the issues is that the control software used to interact with this device monitors all necessary values at all times and once the bug is exploited, the software receives an unexpected value and will try to restart the connection – effectively locking itself out.”

“An attacker, on the other hand, can write a simple script to initiate the connection and not close it. The commands can still be sent to the device in this state and the device will still execute them. In this way, as long as the attacker does not stop the connection, they can continue to send commands and request information. As soon as the connection is terminated, a cold reboot is required for the device to accept new connections,” the researcher added.

Applied Risk says it has uncovered the flaw in version 5.001 of the software, but believes older versions are likely affected as well. The firm says Rockwell Automation has developed a patch, but the vendor has yet to publish a security advisory.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
