Vulnerability of PowerFlex AC Drives

Rockwell Automation Allen-Bradley PowerFlex 525 AC drives are subject to critical denial of service (DoS) vulnerabilities that allow hackers to gain control of devices.




PowerFlex 525 AC drives are designed to control motors. Unlike traditional drives, these devices offer advanced features such as integrated EtherNet/IP communications and USB programming. Rockwell Automation claims the product is ideal for conveyors, pumps, fans and mixers.

Nicholas Merle, a researcher at Applied Risk, a company specializing in industrial cybersecurity, found that the PowerFlex 525 has a serious DoS flaw. Sending the device specially crafted UDP packets causes its Common Industrial Protocol (CIP) network stack to fail, which disrupts the configuration and management software associated with the device.

Exploitation causes the software to disconnect from the device and locks out legitimate users, but the attacker can continue to send commands to the system. A hacker can, among other things, change the speed of the drive or send it start/stop commands, Merle told SecurityWeek.

The only way for victims to regain access to the device is to perform a power reset.

“The error damages the CIP daemon so that some of the values returned by the devices are corrupted. It also prevents any new connection to the device,” Merle explained. “One of the problems is that the control software used to interact with this device constantly monitors all the necessary values, and as soon as the error is used, the software receives an unexpected value and tries to restart the connection - effectively blocking itself.”

“On the other hand, an attacker can write a simple script to initiate a connection, rather than closing it. Commands can still be sent to the device in this state, and the device will still execute them. Thus, until the attacker terminates the connection, he can continue to send commands and request information. As soon as the connection is broken, a cold reset is required for the device to accept new connections,” the researcher added.

Applied Risk reports finding the vulnerability in version 5.001 of the software, but believes that earlier versions may also be affected. The firm reports that Rockwell Automation has developed a patch, but the vendor has not yet published safety recommendations.
