Following the news that a Rockwell Automation power monitor, which is used by energy companies worldwide, is vulnerable to public exploits, Andrea Carcano, Co-founder and CPO at Nozomi Networks, commented below.
Andrea Carcano, Co-founder and CPO at Nozomi Networks:
“Both the reported vulnerabilities are related to the web interface exposed by the device for configuration purposes; they require a very low skill level to be exploited.
The second reported issue, CVE-2019-19616, is caused by wrong user segregation management. Instead of implementing a strong user validation server-side, the PLC greyed some buttons inside the HTML page sent to the user’s browser. In this way, an attacker can modify the HTML code inside his browser to enable the button, bypassing the authentication.
In terms of remediating the second vulnerability (CVE-2019-19616), the permanent fix is to apply the vendor’s patch because it requires a server-side bugfix.
Our security research team is developing a signature (packet rule) in order to rapidly detect the XSS vulnerability CVE-2019-19615; it will be available soon to our OT ThreatFeed customers.”
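The flaw class described above for CVE-2019-19616 (a greyed-out button standing in for a server-side check) and its server-side correction, as an added example that is not the vendor's or Nozomi Networks' code. The session tokens, roles, handler names and the `voltage_limit` setting are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed session table (token -> role); values are illustrative only.
SESSIONS = {"tok-viewer": "viewer", "tok-admin": "admin"}


@dataclass
class Device:
    # Hypothetical setting standing in for any configurable device parameter.
    config: dict = field(default_factory=lambda: {"voltage_limit": 480})


def render_config_page(token):
    """Presentation only: the Save button is greyed out for non-admin sessions."""
    disabled = "" if SESSIONS.get(token) == "admin" else " disabled"
    return f'<form method="post" action="/config"><button{disabled}>Save</button></form>'


def handle_post_client_trust(device, token, params):
    """Flawed pattern: relies on the greyed-out button and never checks the role."""
    if token not in SESSIONS:
        return 401
    device.config.update(params)
    return 200


def handle_post_server_check(device, token, params):
    """Corrected pattern: the server re-checks the session role on every request."""
    role = SESSIONS.get(token)
    if role is None:
        return 401
    if role != "admin":
        return 403  # refused regardless of what the browser rendered
    device.config.update(params)
    return 200


def demo():
    """Send the same low-privilege request to both handlers and compare outcomes."""
    results = {}
    for name, handler in (("client_trust", handle_post_client_trust),
                          ("server_check", handle_post_server_check)):
        dev = Device()
        status = handler(dev, "tok-viewer", {"voltage_limit": 999})
        results[name] = (status, dev.config["voltage_limit"])
    return results


if __name__ == "__main__":
    print(demo())
```

The HTML state of the button never reaches the server, so only the second handler's role check decides whether the change is applied.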