Rockwell Automation has informed its customers about a series of potentially serious vulnerabilities discovered and patched in multiple products. The announcement comes at the same time as reports of a US investigation into the possible cyber risks linked to the company's operations in China. Rockwell Automation released six new security advisories this week, four of which were also shared by the US Cybersecurity and Infrastructure Security Agency (CISA). These advisories detail over a dozen vulnerabilities in total.
One advisory cautions organizations about Kinetix 5500 industrial control routers manufactured between May 2022 and January 2023, specifically devices running firmware version 7.13. These routers have Telnet and FTP ports open by default, potentially allowing hackers to gain access to the device. This critical vulnerability is identified as CVE-2023-1834 and has been fixed with the release of firmware version 7.14.
Two critical vulnerabilities were discovered in Rockwell Automation’s PanelView 800 graphics terminals. These security issues are related to the WolfSSL component and could result in a heap buffer overflow. However, devices are only affected if the email feature is enabled in the project file, which is disabled by default.
Three high-severity buffer overflow vulnerabilities were identified in the Arena event simulation and automation software. These vulnerabilities could enable an attacker to commit or execute unauthorized code. Rockwell Automation’s ThinManager software management platform is impacted by a cipher-related issue. A malicious actor could exploit this weakness to decrypt traffic between the client and server API.
One of the two advisories published by Rockwell but not distributed by CISA discusses a cross-site request forgery in FactoryTalk Vantagepoint. This vulnerability can be exploited to impersonate a legitimate user by persuading the target to click on a malicious link. The second advisory informs customers about 10 cross-site scripting (XSS) vulnerabilities in some ArmorStart ST distributed motor controllers. These vulnerabilities can be used to view and modify sensitive data in the web interface or render it unavailable. User interaction is required for exploitation.
Rockwell Automation’s advisories now include an entry for each vulnerability, specifying whether the bug is part of CISA’s Known Exploited Vulnerabilities (KEV) catalog. None of the vulnerabilities described in the Thursday advisories are included in the catalog.
Earlier this week, The Wall Street Journal reported that several US government departments are investigating Rockwell’s operations at a facility in Dalian, China, where employees might have access to information that could be used to compromise the systems of the company’s customers. There has been some concern that those employees could discover vulnerabilities in Rockwell software and exploit them in zero-day attacks targeting systems in the United States. CISA has published over a dozen security advisories describing Rockwell Automation flaws in the past year. CISA’s advisories inform organizations about more than 30 vulnerabilities affecting Rockwell products, including many rated ‘critical’ or ‘high’.