Rockwell Automation released a security advisory with mitigation steps for an open redirect vulnerability in its MicroLogix 1400 and CompactLogix 5370 controllers, according to an NCCIC report.
Successful exploitation of this remotely exploitable vulnerability, discovered by Josiah Bryan and Geancarlo Palavicini, could allow a remote unauthenticated attacker to craft a malicious link that redirects users to a malicious website.
The following Rockwell Automation products suffer from the vulnerability:
• MicroLogix 1400 Controllers
– Series A, All Versions
– Series B, v15.002 and earlier
• MicroLogix 1100 Controllers v14.00 and earlier
• CompactLogix 5370 L1 controllers v30.014 and earlier
• CompactLogix 5370 L2 controllers v30.014 and earlier
• CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier
An open redirect vulnerability could allow a remote unauthenticated attacker to craft a malicious link that redirects users to a malicious site, which could then run or download arbitrary malware on the user’s machine.
CVE-2019-10955 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 7.1.
The products are used mainly in the critical manufacturing sector and are deployed worldwide.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage it.
Rockwell Automation released a security advisory with mitigation steps (Login required).
Rockwell Automation recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
• Update to the latest available firmware revision that addresses the associated risk.
• Use trusted software, software patches, anti-virus/anti-malware programs, and interact only with trusted websites and attachments.
• Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
• Locate control system networks and devices behind firewalls and isolate them from the business network.
• When remote access is required, use secure methods such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. A VPN is only as secure as the devices connected to it.
• Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.
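The advisory above names the bug class but not the affected request parameter, so the following is an added illustration of open redirect handling in general, not code from Rockwell Automation or from the controller firmware. The `next` parameter name and the allowed host list are assumptions; the vulnerable handler trusts the parameter outright, while the hardened one only issues redirects to same-site paths or allow-listed hosts and rejects the usual bypass forms (protocol-relative `//host`, backslash variants, `javascript:` and other non-HTTP schemes, credentials before `@`).

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts this site is permitted to redirect to.
ALLOWED_HOSTS = frozenset({"controller.example"})


def vulnerable_redirect(next_param: str) -> str:
    """Open redirect: the Location header is whatever the link carried."""
    return next_param


def is_safe_redirect(target: str, allowed_hosts: frozenset) -> bool:
    """Accept only absolute same-site paths or http(s) URLs to allow-listed hosts."""
    if not target:
        return False
    # Strip control characters some parsers ignore, and normalise backslashes,
    # which browsers treat as slashes (so "/\\evil.example" means "//evil.example").
    target = "".join(ch for ch in target.strip() if ch not in "\t\r\n")
    target = target.replace("\\", "/")
    parts = urlsplit(target)
    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return False  # javascript:, data:, vbscript:, ...
    if parts.netloc:
        # urlsplit().hostname already drops userinfo ("good@evil") and the port.
        return scheme in ("http", "https") and (parts.hostname or "") in allowed_hosts
    # No host: must be an absolute path on this site, never protocol-relative "//host".
    return target.startswith("/") and not target.startswith("//")


def hardened_redirect(next_param: str, default: str = "/") -> str:
    """Redirect only to validated targets; fall back to a fixed safe location."""
    return next_param if is_safe_redirect(next_param, ALLOWED_HOSTS) else default


if __name__ == "__main__":
    # Constructed sample inputs a user might be lured into clicking.
    for sample in ["/status", "//evil.example/", "/\\evil.example", "https://controller.example/"]:
        print(f"{sample!r}: vulnerable -> {vulnerable_redirect(sample)!r}, hardened -> {hardened_redirect(sample)!r}")
```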