Governance & Risk Management , Operational Technology (OT)

Rockwell Automation PLC Software Contains RCE Flaw

Attackers Could Shut Down Operations Or Cause Physical Damage
Rockwell Automation PLC Software Contains RCE Flaw
Security researchers found a remote code execution flaw in Rockwell Automation PLC configuration software. (Image: Shutterstock)

A severe vulnerability in Rockwell Automation software used to configure programmable logic controllers could allow attackers to remotely execute malicious code.

See Also: The Forrester Wave™: Operational Technology Security Solutions, Q2 2024

The flaw in Rockwell Automation-owned Allen-Bradley RSLogix 5 and RSLogix 500 software stems from insufficient verification of data that could allow attackers to perform remote code execution by injecting malicious code into project files, potentially compromising entire production systems.

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday said the flaw allows malicious actors to execute remote code by embedding Visual Basic for Applications scripts in project files, which are automatically executed on opening. The vulnerability was caused by insufficient verification of data authenticity.

The lack of data authenticity verification means attackers can trick legitimate users into running malicious scripts, leading to attackers having remote control over affected systems. Attackers could potentially shut down operations, modify processes or even cause physical damage by altering operational commands.

The vulnerability, tracked as CVE-2024-7847, is rated 8.8 on the CVSS v4 scale. CISA advised immediate patching. The flaw affects all versions of RSLogix 5 and RSLogix 500, as well as related products such as RSLogix Micro Developer and Starter.

"Rockwell PLCs are ubiquitous in the U.S. manufacturing industry from automotive plants to pharmaceutical plants to food and beverage plans," said Larry O'Brien, vice president, research at Arc Advisory Group. The RSLogix 5 and RSLogix 500 software are used to configure older generation PLCs, O'Brien said.* Aging software and devices are highly common in manufacturing, where control systems are seen more as an industrial asset than an IT component needing constant attention.

"This is something I'd definitely want to address as soon as there's an opportunity. Most likely, we can address it pretty soon because it's the programing software" rather than the PLC itself that contains the flaw, he told Information Security Media Group.

Manufacturers are only likely to boot up PLC programming software when they need to make a change to automated processes on the factory floor. Still, patching can be easier said than done, since most manufacturers have a diverse install base of automation products, O'Brien said.

*Correction Sept. 24, 2024 14:54 UTC: The RSLogix 5 and RSLogix 500 are used to configure older generation PLCs and not, as mistakenly reported, older generation applications.


About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.

David Perera

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.