The Cybersecurity and Infrastructure Security Agency has issued an advisory regarding two critical security vulnerabilities impacting Rockwell Automation's programmable logic controllers and engineering workstation software, which could be abused for malicious code injection and stealthy automation process alterations, reports The Hacker News.
Threat actors could exploit the flaws, tracked as CVE-2022-1161 and CVE-2022-1159, to prompt industrial operation disruptions and physical factory damage akin to the Stuxnet and Rogue7 attacks, according to Claroty researchers.
"Programmable logic and predefined variables drive these [automation] processes, and changes to either will alter normal operation of the PLC and the process it manages," wrote researcher Sharon Brizinov.
Aside from being able to modify user programs, attackers successfully targeting the flaws could download malicious code to facilitate PLC modification and the sending of rogue commands.
"The end result of exploiting both vulnerabilities is the same: The engineer believes that benign code is running on the PLC; meanwhile, completely different and potentially malicious code is being executed on the PLC," added Brizinov.
BleepingComputer reports that Australian global shipbuilding firm Austal had its U.S. subsidiary impacted by a cyberattack, which the Hunters International ransomware operation has since taken responsibility for.
Florida's St. Johns River Water Management District has disclosed a cyberattack impacting its technology environment during the past week, according to The Record, a news site by cybersecurity firm Recorded Future.
The Latest Cybercriminal TTPs: How Public-Sector Defenders Can Stay Ahead
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news