Cybersecurity continues to be the main news source coming through my inbox. Claroty, through its research arm called Team82, last week released a vulnerability disclosure regarding Rockwell Automation’s programmable logic controllers (PLCs) and highlighting findings from the team’s research, including the discovery of two new Stuxnet-type threats, vulnerabilities CVE-2022-1161 and CVE-2022-1159.
These vulnerabilities exposed Rockwell’s Logix Controllers and Logix Designer applications to attacks that can modify automation processes, allowing the attacker to fully damage systems without the user ever knowing.
Key findings in Team82’s vulnerability disclosure include:
CVE-2022-1161 affects numerous versions of Rockwell’s Logix Controllers and has a CVSS score of 10, the highest criticality.
CVE-2022-1159 affects several versions of its Studio 5000 Logix Designer application, and has a CVSS score of 7.7, high severity.
Modified code could be downloaded to a PLC, while an engineer at their workstation would see the process running as expected, reminiscent of Stuxnet and the Rogue7 attacks.
Rockwell has provided users with a tool that detects such hidden code.
Users are urged to upgrade affected products to leverage these detection capabilities.
CISA has published an advisory warning users about the severity of these issues.
Rockwell Automation has also published advisories here and here.