CISA warns about critical Rockwell PLC bugs

The Cybersecurity and Infrastructure Security Agency has issued an advisory regarding two critical security vulnerabilities impacting Rockwell Automation's programmable logic controllers and engineering workstation software, which could be abused for malicious code injection and stealthy automation process alterations, reports The Hacker News. Threat actors could exploit the flaws, tracked as CVE-2022-1161 and CVE-2022-1159, to prompt industrial operation disruptions and physical factory damage akin to the Stuxnet and Rogue7 attacks, according to Claroty researchers. "Programmable logic and predefined variables drive these [automation] processes, and changes to either will alter normal operation of the PLC and the process it manages," wrote researcher Sharon Brizinov. Aside from being able to modify user programs, attackers successfully targeting the flaws could download malicious code to facilitate PLC modification and the sending of rogue commands. "The end result of exploiting both vulnerabilities is the same: The engineer believes that benign code is running on the PLC; meanwhile, completely different and potentially malicious code is being executed on the PLC," added Brizinov.