SecurityWeek reports that Rockwell Automation has issued fixes for a trio of critical flaws impacting Allen-Bradley PowerMonitor 1000 instances, which could be leveraged to infiltrate and disrupt industrial systems.
The first of the addressed vulnerabilities is a device takeover bug, tracked as CVE-2024-12371, which could be exploited to configure new Policyholder users without authentication, while both CVE-2024-12372 and CVE-2024-12373 could be used for denial-of-service attacks, according to Rockwell. Claroty Team82 researcher Vera Mens, who identified all of the issues, has advised immediate implementation of the fixes. “Exploiting these vulnerabilities could result in several impacts, including denial of service, authentication bypass, and remote code execution… In addition, remote code execution could give an attacker full control over the device, potentially compromising the entire network,” said Mens, who noted the risk of significant supply chain disruptions stemming from attacks leveraging the security issues.