Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Rockwell PowerMonitor Vulnerabilities Allow Remote Hacking of Industrial Systems

Rockwell’s PowerMonitor is affected by critical vulnerabilities that can enable remote access to industrial systems for disruption or further attacks.

ICS and OT security

Critical vulnerabilities patched by Rockwell Automation in its Allen-Bradley PowerMonitor 1000 product could allow remote hackers to breach an organization’s industrial systems and cause disruption or gain further access. 

The existence of the vulnerabilities came to light this week when Rockwell Automation and the cybersecurity agency CISA released security advisories.

PowerMonitor 1000 is a compact power monitor for load profiling, cost allocation, and energy control. The device can be integrated with other energy monitoring systems and it can easily communicate with other Rockwell industrial control systems (ICS).

Three types of vulnerabilities were discovered in the power monitor, and each of them has been assigned a ‘critical severity’ rating. One of them, CVE-2024-12371, has been described as a device takeover issue.

“This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset,” Rockwell explained in its advisory.

The second flaw, CVE-2024-12372, can be exploited for DoS attacks and possibly for remote code execution, while the third, CVE-2024-12373, can be exploited for DoS attacks.

The security holes impact PowerMonitor 1000 devices running versions of the firmware prior to 4.020, which contains patches. 

Vera Mens, a security researcher from Team82 of industrial and IoT cybersecurity firm Claroty, who has been credited for responsibly disclosing the vulnerabilities to Rockwell, told SecurityWeek that they have identified — using web scanning services — dozens of vulnerable PowerMonitor devices that are exposed to the internet. 

“We strongly encourage asset owners to promptly update their firmware to ensure full protection,” Mens said.

Advertisement. Scroll to continue reading.

The researcher noted that the exploitation of these vulnerabilities does not require any authentication — an attacker can target devices after gaining access to the targeted organization’s internal network or directly from the web in the case of internet-exposed devices. 

“Exploiting these vulnerabilities could result in several impacts, including denial of service, authentication bypass, and remote code execution. For example, a denial of service on a device like the PowerMonitor 1000, which is used to monitor power usage in a manufacturing environment, could disrupt the supply chain by preventing accurate tracking of energy consumption, ultimately halting production,” Mens explained. 

“In addition, remote code execution could give an attacker full control over the device, potentially compromising the entire network,” the researcher added. 

Claroty has published individual advisories for each of the PowerMonitor 1000 vulnerabilities: CVE-2024-12373, CVE-2024-12371 and CVE-2024-12372.

Related: Watch Now: Navigating Your OT Cybersecurity Journey: From Assessment to Implementation

Related: US Water Facilities Urged to Secure Access to Internet-Exposed HMIs

Related: Iranian Hackers Use IOCONTROL Malware to Target OT, IoT Devices in US, Israel

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.