Thursday, April 9, 2020

1 Advisory Published – 4-9-20

Today the CISA NCCIC-ICS published a control system security advisory for products from Rockwell Automation.

Rockwell Advisory

This advisory describes an incorrect permission assignment for critical resource vulnerability in the Rockwell RSLinx Classic PLC communications software. The vulnerability was reported by Applied Risk. Rockwell has a patch that mitigates the vulnerability. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

NCCIC-ICS reports that a relatively low-skilled attacker with local authenticated access could exploit the vulnerability to allow a local authenticated attacker to execute malicious code when opening RSLinx Classic.

No comments:

/* Use this with templates/template-twocol.html */