Summary: Rockwell Automation has issued a critical advisory regarding severe vulnerabilities in its PowerMonitor 1000 devices, which could lead to significant security risks including remote code execution and device takeover. The vulnerabilities have been assigned a CVSS score of 9.8, indicating their critical nature and the urgent need for firmware updates.
Threat Actor: Unknown
Victim: Rockwell Automation
Key Points:
- Three vulnerabilities tracked as CVE-2024-12371, CVE-2024-12372, and CVE-2024-12373 pose severe risks to PowerMonitor 1000 devices.
- CVE-2024-12371 allows attackers to create a privileged user via an unauthenticated API call.
- CVE-2024-12372 involves heap memory corruption, potentially leading to remote code execution.
- CVE-2024-12373 is a buffer overflow issue that can cause denial-of-service conditions.
- Devices with firmware versions below 4.020 are vulnerable, and immediate updates are recommended.
Rockwell Automation has issued a critical security advisory highlighting three severe vulnerabilities affecting its PowerMonitor 1000 devices. These vulnerabilities, identified by Vera Mens of Claroty Research – Team82, pose significant risks, including remote code execution, denial-of-service (DoS), and device takeover.
The vulnerabilities, tracked as CVE-2024-12371, CVE-2024-12372, and CVE-2024-12373, have each been assigned a CVSS v3.1 Base Score of 9.8/10, underscoring their critical nature.
- CVE-2024-12371: This vulnerability enables attackers to configure a new privileged “Policyholder” user via an unauthenticated API call. As Rockwell Automation notes, “Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.”
- CVE-2024-12372: This vulnerability involves heap memory corruption, which could compromise system integrity. Exploiting this flaw may result in remote code execution or a denial-of-service attack.
- CVE-2024-12373: A buffer overflow issue that could lead to denial-of-service conditions, disrupting device functionality and potentially industrial operations.
The advisory lists multiple PowerMonitor 1000 models affected by these vulnerabilities, including PM1k 1408-BC3A-485 and PM1k 1408-EM3A-ENT. Devices running firmware versions below 4.020 are vulnerable. Rockwell Automation strongly advises updating to firmware version 4.020 or later to mitigate these risks.
Although these vulnerabilities are not currently listed in the Known Exploited Vulnerabilities (KEV) database, the potential for exploitation remains high given their critical nature. Industrial environments utilizing these devices are encouraged to act swiftly.