Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Rockwell Automation Patches Password Encryption Flaw in HMI Product

Rockwell Automation has released a patch to address a vulnerability in one of the company’s human-machine interface (HMI) products that can be exploited by malicious actors to obtain user-defined passwords.

Rockwell Automation has released a patch to address a vulnerability in one of the company’s human-machine interface (HMI) products that can be exploited by malicious actors to obtain user-defined passwords.

According to an advisory published by ICS-CERT on Wednesday, the security flaw affects RSView32, an integrated, component-based HMI solution designed for monitoring and controlling automation machines and processes. Researchers of the Russia-based security firm Ural Security System Center (USSC) have been credited for finding and reporting the vulnerability to Rockwell.

The usernames and passwords set by users for RSView32 are stored in a file. The problem is that the encryption algorithms used to protect these credentials are outdated, allowing attackers to gain access to the information by decrypting the file.

ICS-CERT has pointed out that the vulnerability cannot be exploited remotely and without user interaction.

“This exploit requires an attacker gaining local access to the specific file storing passwords local to the RSView32 product. This involves local or remote access, reverse-engineering, and some form of successful social-engineering,” ICS-CERT noted in its advisory.

The vulnerability, for which the CVE-2015-1010 identifier has been assigned, affects RSView32 version 7.60.00 (CPR9 SR4) and prior. Rockwell has released a patch to mitigate the risk associated with the flaw.

In addition to applying the patch, Rockwell advises customers to limit access to the product to authorized personnel, use Microsoft AppLocker or other whitelisting application to mitigate risks, and maintain layered physical and logical security. Security training for employees, downloading patches only from trusted sources, and establishing a staged patch management and product upgrade strategy are also recommended.

Rockwell advises customers to migrate from RSView32 to FactoryTalk View Site Edition (SE), an HMI product which, according to the company, provides unprecedented levels of control and information access.

Users who want to continue to use RSView32 should upgrade the operating system on which the product runs to a compatible version that is as current as possible and still supported by the developer. Since RSView32 is designed for Microsoft Windows environments, this piece of advice likely refers to upgrading from Windows XP, which is no longer supported by Microsoft.

Related: Learn more at the ICS Cyber Security Conference

Related: DLL Hijacking Flaws Found in Rockwell Automation’s FactoryTalk

Related: Rockwell Automation Fixes Flaw in Factory Communication Solution

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.