Rockwell Automation Products Face Critical Security Risks, Urgent Patching Required

Two recently discovered vulnerabilities in Rockwell Automation’s FactoryTalk software products pose a serious threat to industrial control systems (ICS). The vulnerabilities, tracked as CVE-2024-45823 and CVE-2024-45824, could potentially allow unauthorized access and even remote code execution, opening the door for malicious attacks with devastating consequences.

Authentication Bypass in FactoryTalk Batch View (CVE-2024-45823)

The first vulnerability, rated with a CVSSv4 score of 9.2 (Critical), affects FactoryTalk Batch View 2.01.00. It stems from the use of shared secrets across accounts, enabling a threat actor to impersonate a legitimate user by exploiting additional information required during authentication. Successful exploitation could grant attackers unauthorized access to sensitive systems and data.

Remote Code Execution in FactoryTalk View Site Edition (CVE-2024-45824)

The second vulnerability, also rated 9.2 (Critical), impacts FactoryTalk View Site Edition versions 12.0, 13.0, and 14.0. This vulnerability allows for full unauthenticated remote code execution when chained with Path Traversal, Command Injection, and XSS Vulnerabilities. This implies that a remote attacker could potentially execute malicious code on affected systems without requiring any authentication, wreaking havoc on industrial operations.

Urgent Action Required

Rockwell Automation has released patches to address both vulnerabilities. Users are strongly advised to upgrade to the following corrected versions immediately:

• FactoryTalk Batch View: Upgrade to version 3.00.00 or later.
• FactoryTalk View Site Edition: Apply the patches available at the link provided by Rockwell Automation.

Protecting Critical Infrastructure

Industrial control systems are the backbone of critical infrastructure, including power grids, manufacturing plants, and transportation networks. These vulnerabilities underscore the importance of robust cybersecurity practices in the industrial sector. Organizations are urged to:

• Prioritize patching: Apply security updates promptly to mitigate known vulnerabilities.
• Implement strong access controls: Enforce strict authentication and authorization mechanisms.
• Monitor network activity: Utilize intrusion detection and prevention systems to identify and block suspicious activity.
• Conduct regular security assessments: Identify and address potential weaknesses in ICS environments.

Related Posts:

• CVE-2024-21915 (CVSS 9.0): Rockwell Automation Patches Critical Flaw in FTSP
• Rockwell Automation Claims Cisco IOS Vulnerability Affects Its Industrial Switch
• CVE-2024-7988 (CVSS 9.8): Rockwell Automation’s ThinManager Flaw Allows RCE
• Critical Vulnerabilities Uncovered in Rockwell Automation’s ThinManager: Immediate Action Required
• Kaspersky Report: Energy Industry becomes the largest area affected by vulnerabilities in industrial automation systems