Critical Flaws in Rockwell Automation PowerMonitor 1000 Devices: CVSS Scores Hit 9.8/10
Rockwell Automation has issued a critical security advisory highlighting three severe vulnerabilities affecting its PowerMonitor 1000 devices. These vulnerabilities, identified by Vera Mens of Claroty Research – Team82, pose significant risks, including remote code execution, denial-of-service (DoS), and device takeover.
The vulnerabilities, tracked as CVE-2024-12371, CVE-2024-12372, and CVE-2024-12373, have each been assigned a CVSS v3.1 Base Score of 9.8/10, underscoring their critical nature.
- CVE-2024-12371: This vulnerability enables attackers to configure a new privileged “Policyholder” user via an unauthenticated API call. As Rockwell Automation notes, “Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.”
- CVE-2024-12372: This vulnerability involves heap memory corruption, which could compromise system integrity. Exploiting this flaw may result in remote code execution or a denial-of-service attack.
- CVE-2024-12373: A buffer overflow issue that could lead to denial-of-service conditions, disrupting device functionality and potentially industrial operations.
The advisory lists multiple PowerMonitor 1000 models affected by these vulnerabilities, including PM1k 1408-BC3A-485 and PM1k 1408-EM3A-ENT. Devices running firmware versions below 4.020 are vulnerable. Rockwell Automation strongly advises updating to firmware version 4.020 or later to mitigate these risks.
Although these vulnerabilities are not currently listed in the Known Exploited Vulnerabilities (KEV) database, the potential for exploitation remains high given their critical nature. Industrial environments utilizing these devices are encouraged to act swiftly.
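To act on the firmware threshold above, this added example (not code from Rockwell Automation or the original article) triages an asset inventory export against version 4.020. The CSV column names, the asset names and the `1408-` catalog prefix match are assumptions, and the inventory is constructed sample data.

```python
import csv
import io

FIXED = (4, 20)  # firmware 4.020, the fixed version named in the advisory

# Constructed sample inventory export; asset names and columns are assumptions.
SAMPLE_INVENTORY = """asset,catalog,firmware
pm-line1,1408-BC3A-485,4.010
pm-line2,1408-EM3A-ENT,4.020
pm-line3,1408-EM3A-ENT,
pm-line4,1408-BC3A-485,v4.019
other-device,EXAMPLE-0000,1.000
"""


def parse_firmware(text):
    """Return (major, minor), or None if the field is empty or ambiguous.

    Assumes the zero-padded three-digit minor used in "4.020"; a value such
    as "4.02" is rejected rather than guessed at.
    """
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        return None
    if len(parts[1]) != 3:
        return None
    return int(parts[0]), int(parts[1])


def triage(inventory_csv):
    """Map each PowerMonitor 1000 asset to 'vulnerable', 'fixed' or 'unknown'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Assumption: PowerMonitor 1000 catalog numbers start with "1408-".
        if not row["catalog"].startswith("1408-"):
            continue
        version = parse_firmware(row["firmware"] or "")
        if version is None:
            result[row["asset"]] = "unknown"  # never assume a device is patched
        elif version < FIXED:
            result[row["asset"]] = "vulnerable"
        else:
            result[row["asset"]] = "fixed"
    return result


if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```

Assets reported as `unknown` need their firmware confirmed on the device itself before they are treated as patched.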