Select Page

Two new security vulnerabilities have been disclosed in Rockwell Automation’s programmable logic controllers (PLCs) and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes.

The flaws have the potential to disrupt industrial operations and cause physical damage to factories in a manner similar to that of Stuxnet and the Rogue7 attacks, operational technology security company Claroty said.

“Programmable logic and predefined variables drive these [automation] processes, and changes to either will alter normal operation of the PLC and the process it manages,” Claroty’s Sharon Brizinov noted in a write-up published Thursday.

images from Hacker News