Thu. Jul 7th, 2022

A serious flaw in National Instruments CompactRIO controllers could allow remote attackers to disrupt production processes in an organization.

A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization.

The National Instruments CompactRIO product, a rugged, real-time controller that provides high-performance processing capabilities, sensor-specific conditioned I/O, and a closely integrated software toolchain that makes them ideal for Industrial Internet of Things (IIoT), monitoring, and control applications.

NI CompactRIO

These controllers are used in multiple sectors, including heavy equipment, industrial manufacturing, transportation, power generation, and oil and gas.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory to warn organizations about the flaw.

The flaw, tracked as CVE-2020-25191, affects driver versions prior to 20.5.

“Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the device remotely.” reads the security advisory published by CISA.

The vendor revealed that it is not aware of attacks in the wild that exploited this vulnerability.

An attacker could repeatedly trigger the flaw to reboot the device, causing a prolonged denial-of-service (DoS) condition and potentially disrupting industrial processes.

NI provided the following mitigations to prevent hackers from targeting this flaw in its products.

NI recommends the following steps for mitigation:

  • Download the NI CompactRIO 20.5 Driver. 
  • Install the driver on host computer.
  • Update the firmware on CompactRIO controllers to v8.5 or higher. Refer to Upgrading Firmware on my NI Linux Real-Time Device for directions on how to update the firmware on current controllers. Updating the firmware patches the Safe Mode where defaults are loaded.
  • Format the target to apply the new safemode default permissions. Refer to How to Restore LabVIEW RT Target to Factory Default Configuration for directions on how to format and reinstall software on target.
  • Repeat Steps 3 and 4 for each affected CompactRIO target.

Pierluigi Paganini

(SecurityAffairs – hacking, BISMUTH)

The post NI CompactRIO controller flaw could allow disrupting production appeared first on Security Affairs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.



Original Source