Today the CISA NCCIC-ICS published a control system security
advisory for products from Rockwell Automation.
Rockwell Advisory
This advisory
describes an incorrect permission assignment for critical resource vulnerability
in the Rockwell RSLinx Classic PLC communications software. The vulnerability was
reported by Applied Risk. Rockwell has a patch that mitigates the vulnerability.
There is no indication that the researchers have been provided an opportunity
to verify the efficacy of the fix.
NCCIC-ICS reports that a relatively low-skilled attacker
with local authenticated access could exploit the vulnerability to
execute malicious code when RSLinx Classic is opened.