IIoT Vulnerability Discovered in Rockwell Automation Drive Component


An offshoot of IoT, the Industrial Internet of Things (IIoT) is just as vulnerable to attacks as any other connected technology. A Rockwell Automation flaw has been identified that is thought to make it possible for an industrial drive's physical process to be exploited, manipulated, or even stopped. It puts any machinery or plant using the drive component at risk.

Rockwell Automation Flaw Identified

Rockwell Automation's PowerFlex 525 drive component is both mechanical and logic-controlled and is used in industrial systems to manage motors, such as those in conveyors, fans, pumps, and mixers. It provides both motor and software controls, covering everything from regulating volts per hertz to managing Ethernet/IP networks.

A DoS (denial-of-service) vulnerability was found in the Rockwell Automation industrial drive. Designated CVE-2018-19282, the flaw can be exploited to manipulate the drive physically, according to Applied Risk researchers. They gave the vulnerability a CVSS score of 9.1, deeming it critical.

“This finding allows an attacker to crash the Common Industrial Protocol (CIP) in a way that it does not accept any new connection,” wrote Applied Risk’s Nicholas Merle in an analysis.

“The current connections, however, are kept active, giving attackers complete control over the device.”

A spokesperson for Applied Risk further explains that it gives "complete access to the device and DOS for the other users, so availability and integrity are impacted, with no confidentiality impact. Those are also the most important factors in an OT environment."


Because the drive controls the speed of motors, this bug could be severely detrimental to production. Affected units are those running software versions 5.001 and older, though there have been no known public exploits to date.

To trigger the vulnerability, a precise sequence of packets is sent that crashes the Common Industrial Protocol network stack. A spokesperson for Applied Risk said an attacker could be remote and wouldn't necessarily need to be authenticated.

Not only that, but legitimate users could be locked out. The attack induces an error in the control and configuration software that makes it crash. After the crash it is not possible to initiate a new connection to the device, which locks authorized users out of recovery. The only way to recover the device is to perform a power reset.

“Sending a specific UDP packet, a definite amount of time corrupts the … daemon forbidding any new connection to be initiated and disconnecting the configuration and control software from Rockwell Automation,” added the researchers.
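From a defender's side, the traffic pattern the researchers describe (a sustained stream of UDP packets from one host to the drive) is something a plant network monitor can flag. The following is an added example, not Applied Risk's or Rockwell Automation's code; it assumes constructed flow records in a simple "timestamp src dst proto dport" format, and it assumes the drive speaks EtherNet/IP on UDP ports 2222 and 44818, since the article does not name the port used.

```python
"""Flag a sustained UDP burst from a single host to a drive's EtherNet/IP
ports, the traffic shape behind the CVE-2018-19282 crash described above.
Added example; the port numbers and flow-record format are assumptions."""
from collections import defaultdict, deque

ENIP_UDP_PORTS = {2222, 44818}   # assumed EtherNet/IP UDP ports on the drive


def parse_flow(line):
    """Parse one constructed flow record: '<epoch> <src> <dst> <proto> <dport>'."""
    ts, src, dst, proto, dport = line.split()
    return float(ts), src, dst, proto.upper(), int(dport)


def find_udp_bursts(lines, drives, window=2.0, threshold=50):
    """Return sorted (src, drive) pairs where src sent at least `threshold`
    UDP packets to an EtherNet/IP port of a protected drive within any
    sliding window of `window` seconds. Records for other hosts, other
    ports or TCP are ignored."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps inside the window
    alerts = set()
    for line in lines:
        ts, src, dst, proto, dport = parse_flow(line)
        if proto != "UDP" or dst not in drives or dport not in ENIP_UDP_PORTS:
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.add((src, dst))
    return sorted(alerts)


# Constructed sample: an engineering station polling the drive once a second
# (benign), then a second host sending 60 UDP packets in just over a second.
SAMPLE = (
    [f"{1000 + i} 10.0.0.5 10.0.0.20 UDP 44818" for i in range(10)]
    + [f"{1010 + i * 0.02:.2f} 10.0.0.99 10.0.0.20 UDP 2222" for i in range(60)]
    + ["1011.5 10.0.0.5 10.0.0.20 TCP 44818"]   # TCP explicit messaging, ignored
)

if __name__ == "__main__":
    for src, dst in find_udp_bursts(SAMPLE, {"10.0.0.20"}):
        print(f"ALERT: UDP burst from {src} to drive {dst}; "
              "check whether the drive still accepts new CIP connections")
```

An alert here is a cue to verify that the drive still accepts new connections, since the article notes that a crashed drive keeps existing sessions alive and only a power reset restores it.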

Threats to IoT

This is something we need to keep in mind with IIoT. As with IoT, we just don't think right away about possible exploits, because adding the Internet to our "Things" makes everything so much easier. This is no less true for industrial applications.

Does the potential for harm in IIoT or IoT worry you? Let us know what you think of potential harm for all IIoT as well as the Rockwell Automation bug in the comments below.

Image Credit: PowerFlex 525 AC Drive on YouTube