service for receive sms messages online
PowerFlex 525 AC drives are designed to control motors. Unlike traditional storage devices, these devices offer advanced features such as integrated Ethernet / IP communications and USB programming. Rockwell Automation claims the product is ideal for conveyors, pumps, fans and mixers.
Nicholas Merle, a researcher at Applied Risk, a company specializing in industrial cybersecurity, found that the PowerFlex 525 has a serious DoS flaw that can be used to disrupt the configuration and management software associated with the device by sending it specially crafted UDP packets that cause the Common Industrial Protocol (CIP) network stack failure.
Allen Bradley PowerFlex 525 AC drive Exploitation causes the software to disconnect from the device and block legitimate users, but the attacker can continue to send commands to the system. A hacker can, among other things, change the speed of a disk or send him start / stop commands, Merle told SecurityWeek.
The only way for victims to regain access to the device is to perform a power reset.
“The error damages the CIP daemon so that some of the values returned by the devices are corrupted. It also prevents any new connection to the device, ”Merle explained. "One of the problems is that the control software used to interact with this device constantly monitors all the necessary values, and as soon as the error is used, the software receives an unexpected value and tries to restart the connection - effectively blocking itself."
“On the other hand, an attacker can write a simple script to initiate a connection, rather than closing it. Commands can still be sent to the device in this state, and the device will still execute them. Thus, until the attacker terminates the connection, he can continue to send commands and request information. As soon as the connection is broken, a cold reset is required for the device to accept new connections, ”the researcher added.
Applied Risk claims to have discovered a vulnerability in version 5.001 of the software, but believes that earlier versions may also be affected. The firm reports that Rockwell Automation developed the patch, but the vendor has not yet published safety recommendations.