Weak password encryption used in Rockwell HMI software

Rockwell Automation Australia

Friday, 29 May, 2015

Softpedia has reported that the encryption algorithms used to protect user credentials in HMI software from Rockwell Automation are outdated and weak enough that the stored credentials can be decrypted.

The product affected by the vulnerability is RSView32. According to Rockwell Automation, it is employed in multiple sectors worldwide, including manufacturing, energy, water and wastewater systems.

RSView32 stores user-defined credentials in a file that is protected by encryption. However, the standards used in the process have not been updated, and they present a security risk if an attacker gains local access to the system.

An advisory from the US ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) warns that successful exploitation of this weakness reveals the protected information.

“This exploit requires an attacker gaining local access to the specific file storing passwords local to the RSView32 product. This involves local or remote access, reverse-engineering, and some form of successful social-engineering,” the advisory says.

Because it is not remotely exploitable and user interaction is required for an attack to reach its goal, the vulnerability, tracked as CVE-2015-1010, is considered to be of medium severity. Its CVSS score has been calculated as 6.0 out of 10.

Rockwell Automation has developed a patch to address the problem, which affects RSView32 7.60.00 (CPR9 SR4) and all earlier versions. To get it, customers have to log in to their Rockwell Automation account.
