Some of Rockwell Automation’s MicroLogix and CompactLogix PLCs are affected by a serious vulnerability can be exploited by a remote attacker to redirect users to malicious websites.
Both the ICS-CERT and Rockwell Automation published a security advisory.
The flaw is an open redirect vulnerability that ties the web server running on vulnerable devices. According to the expert, the web server accepts user input from the PLCs web interface and a remote, unauthenticated attacker can inject a malicious link that redirects users from the controller’s web server to a malicious website.
“Successful exploitation of this vulnerability could allow a remote
“An open redirect vulnerability could allow a remote
According to the attack scenario described in the security advisory published by Rockwell (available to registered users), the malicious website could be used to deliver malware on the user’s machine.
“This malicious website could potentially run or download arbitrary malware on the user’s machine. The target of this type of attack is not the industrial control device and does not disrupt its control functionality,” reads the advisory published by Rockwell.
Rockwell has released firmware updates that address the vulnerability for the affected controllers. To mitigate the issue it is possible to disable the web server.
Below the recommendations published by Rockwell Automation to minimize the risk of exploitation of this vulnerability:
The ICS-CERT credited Josiah Bryan and Giancarlo Palavicini for reporting this vulnerability to NCCIC.