Critical Rockwell Automation Bug in Drive Component Puts IIoT Plants at Risk

A critical Rockwell Automation flaw could be exploited to manipulate an industrial drive’s physical process or even stop it.

A critical denial-of-service (DoS) vulnerability has been found in a Rockwell Automation industrial drive, which is a logic-controlled mechanical component used in industrial systems to manage industrial motors.

The vulnerability was identified in Rockwell Automation’s PowerFlex 525 drive component, which is used in applications such as conveyors, fans, pumps and mixers. The drive offers a wide range of motor and software controls, from regulating volts per hertz to software used to manage EtherNet/IP networks.

The flaw, CVE-2018-19282, could be exploited to manipulate the drive’s physical process and/or stop it, according to researchers with Applied Risk who found it. The vulnerability has a CVSS score of 9.1, making it critical, according to researchers.

Source: ThreatPost