Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks

An old vulnerability affecting industrial control system (ICS) products from Rockwell Automation has been exploited in attacks, according to the vendor and the cybersecurity agency CISA.

CISA added the flaw, tracked as CVE-2021-22681, to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, instructing federal agencies to address it by March 26.

The security hole affects the Studio 5000 Logix Designer software and several Logix programmable logic controllers (PLCs), including CompactLogix, ControlLogix, DriveLogix, FlexLogix, GuardLogix, and SoftLogix devices.

CVE-2021-22681 was disclosed in February 2021, when the vendor announced mitigations and credited Soonchunhyang University in South Korea, Kaspersky, and Claroty for reporting it. Claroty said at the time that it had reported the issue to Rockwell in 2019.

The vulnerability, related to an insufficiently protected cryptographic key, could allow a remote, unauthenticated attacker to bypass verification and connect to a targeted controller by mimicking an engineering workstation.

In a real-world industrial environment ...