"Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks"

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), two security vulnerabilities affecting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models could be exploited for Remote Code Execution (RCE) and Denial-of-Service (DoS). Researchers at Dragos noted that depending on the ControlLogix system configuration, exploiting these vulnerabilities could result in denial or loss of control, denial or loss of view, theft of operational data, or manipulation of control with disruptive or destructive effects on the industrial process for which the ControlLogix system is responsible. CISA noted that successfully exploiting these vulnerabilities could enable malicious actors to gain remote access to the running memory of the module and conduct malicious activity. This article continues to discuss the potential exploitation and impact of the two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models. 

THN reports "Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks"