Rockwell Patches Code Execution Flaw in RSLogix Product

Rockwell Automation has released patches for some of its RSLogix products to address a vulnerability that can be leveraged to execute arbitrary code on a targeted system. Fortunately, the security hole is not easy to exploit.

RSLogix, a programming package for Rockwell products, is used around the world in the food and agriculture, critical manufacturing, water and chemical sectors.

All versions of RSLogix Micro Starter Lite and Micro Developer, and RSLogix 500 Starter Edition, Standard Edition and Professional Edition are plagued by a buffer overflow vulnerability (CVE-2016-5814) caused by the way the product handles project files with an RSS extension.

An attacker can exploit the vulnerability if they can trick a local user into opening a specially crafted RSS file with an affected version of RSLogix. If the attack is successful, the malicious code is executed with the privileges of the victim.

In addition to applying the patches that address this flaw, Rockwell has advised customers to avoid running software with administrator privileges, avoid opening untrusted files, and limit network exposure for critical systems.

The vulnerability was reported to Rockwell Automation by researcher Ariele Caltabiano, aka kimiya, via the Zero Day Initiative (ZDI) and ICS-CERT. The advisory submitted to ZDI has yet to be made public – the organization gives vendors 120 days to patch a flaw before its details are disclosed, but only 108 days have passed in this case.

While ICS-CERT has classified this vulnerability as high severity, with a CVSSv3 score of 8.6, ZDI rated it only medium severity, with a CVSSv3 score of 6.8. Swiss-based security firm SCIP estimates on its VulDB website that an exploit for this vulnerability is worth between $2,000 and $5,000.

Another vulnerability reported via ZDI and detailed by ICS-CERT in a recent advisory is a privilege escalation issue found by researcher Andrea Micalizzi in ABB’s data analysis software DataManagerPro.

The flaw, tracked as CVE-2016-4526, allows an authenticated attacker to elevate their privileges to administrator by swapping DLLs in the package directory. The bug has been addressed by ABB with the release of DataManagerPro 1.7.1.

“The specific flaw exists within the file permissions set during product installation. The World account is set to have full rights to the directory that contains the binaries that are executed by system administrators. File substitution would then allow a standard user on the system to replace code that is subsequently run by a system administrator,” ZDI explained in an advisory.
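A defender-side check for the permission weakness ZDI describes, as an added example (not code from ABB, ZDI or the original article): this PowerShell script lists ACL entries that grant write-class rights on an install directory and its EXE/DLL files to Everyone (the "World" account) and, going slightly beyond the advisory, to Authenticated Users and BUILTIN\Users. The default path is a placeholder, because the article does not name the directory.

```powershell
param(
    # Placeholder: the article does not give the install path; pass the real one.
    [string]$InstallDir = 'C:\Path\To\ProductInstallDir'
)

# Well-known SIDs of broad groups; matching on SIDs avoids localized group names.
$broadSids = @{
    'S-1-1-0'      = 'Everyone (World)'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Only the bits that allow replacing or adding files. Read/execute bits are
# deliberately excluded so ordinary ReadAndExecute entries are not flagged.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries can carry raw GENERIC_ALL / GENERIC_WRITE bits instead.
$mask = [int]$rights -bor 0x10000000 -bor 0x40000000

function Get-BroadWriteAce {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # account could not be resolved to a SID
        if ($broadSids.ContainsKey($sid) -and
            (([int]$ace.FileSystemRights -band $mask) -ne 0)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Check the directory itself (write access there allows file substitution)
# and every executable or library beneath it.
$targets = @($InstallDir) + @(Get-ChildItem -LiteralPath $InstallDir -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } | ForEach-Object FullName)
$findings = foreach ($t in $targets) { Get-BroadWriteAce -Path $t }
if ($findings) { $findings | Format-Table -AutoSize }
else { "No broad write access found under $InstallDir" }
```

Any row returned means a standard user can replace code that an administrator later runs; an entry with `Inherited` set to `True` points to a parent folder whose ACL needs fixing rather than the file itself.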

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
