A serious flaw in National Instruments CompactRIO controllers could allow remote attackers to disrupt production processes in an organization.
A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization.
The National Instruments CompactRIO product, a rugged, real-time controller that provides high-performance processing capabilities, sensor-specific conditioned I/O, and a closely integrated software toolchain that makes them ideal for Industrial Internet of Things (IIoT), monitoring, and control applications.
These controllers are used in multiple sectors, including heavy equipment, industrial manufacturing, transportation, power generation, and oil and gas.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory to warn organizations about the flaw.
The flaw, tracked as CVE-2020-25191, affects driver versions prior to 20.5.
“Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the device remotely.” reads the security advisory published by CISA.
The vendor revealed that it is not aware of attacks in the wild that exploited this vulnerability.
An attacker could repeatedly trigger the flaw to reboot the device, causing a prolonged denial-of-service (DoS) condition and potentially disrupting industrial processes.
NI provided the following mitigations to prevent hackers from targeting this flaw in its products.
NI recommends the following steps for mitigation:
(SecurityAffairs – hacking, BISMUTH)