Rockwell Automation RSView32 Weak Encryption Algorithm on Passwords
Low Risk | ICS-CERT ICSA-15-132-02 | Feb 12, 2015
Summary
RSView32 uses weak encryption algorithms for password storage. This allows attackers with access to configuration or database files to more easily recover plaintext passwords.
What this means
What could happen
An attacker who gains access to RSView32 configuration files could recover stored passwords due to weak encryption, potentially compromising operator accounts and enabling unauthorized access to HMI functions and connected systems.
Who's at risk
Water utilities, power plants, and manufacturing facilities using RSView32 for process visualization and operator interfaces. Any organization where RSView32 config files could be accessed by unauthorized personnel, including through backup media, file shares, or physical workstation access.
How it could be exploited
An attacker must first gain file-level access to RSView32 configuration or database files (either through local access, file share compromise, or backup media). Once obtained, the weak encryption scheme allows the attacker to extract and crack password hashes offline to recover plaintext credentials.
Prerequisites
- File-level access to RSView32 configuration or database files
- No network access to RSView32 required; local or backup media access sufficient
- No special authentication needed once configuration files are accessed
Tags: weak encryption algorithm, no patch available, affects HMI/SCADA systems, password compromise risk
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
RSView32: <7.60.00_CPR9_SR4 | <7.60.00 CPR9 SR4 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict file-level access to RSView32 configuration and database directories using operating system permissions; ensure only authorized engineering and system administration accounts can read these files
- HARDENING: Implement strong access controls on RSView32 engineering workstations, including physical access restrictions and credential-based login requirements
- HARDENING: Secure backup media containing RSView32 configuration files with encryption and restricted storage access
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor and audit access to RSView32 configuration file directories for unauthorized read attempts
Mitigations - no patch available
RSView32: <7.60.00_CPR9_SR4 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Isolate RSView32 systems on a dedicated network segment with firewall rules limiting access to authorized engineering stations only
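An added example (not Rockwell Automation or ICS-CERT code) for the file-permission and monitoring items above: a PowerShell audit that lists every principal outside an allow-list that holds read access under the RSView32 project directory, and optionally sets a read-audit SACL on it. The directory path and the allow-list entries are placeholders to replace with site values.

```powershell
# Added example. $ProjectRoot and $Allowed are placeholders, not values from the advisory.
param(
    [string]$ProjectRoot = 'C:\PLACEHOLDER\RSView32-Projects',
    [string[]]$Allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'PLACEHOLDER\HMI-Engineers'),
    [switch]$EnableAudit
)

# Bits that let a principal read file contents: ReadData, GENERIC_ALL, GENERIC_READ.
$ReadMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData -bor
            0x10000000 -bor [int]::MinValue

function Get-UnexpectedReader {
    param([string]$Root, [string[]]$AllowedPrincipals)
    $items = @(Get-Item -LiteralPath $Root) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.FileSystemRights -band $ReadMask) -eq 0) { continue }
            # -contains compares strings case-insensitively
            if ($AllowedPrincipals -contains $ace.IdentityReference.Value) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited ACEs must be fixed on the parent
            }
        }
    }
}

function Enable-ReadAuditing {
    # Adds a SACL entry so reads are logged (Security log, event 4663) once the
    # "Audit File System" policy subcategory is enabled. Needs an elevated session.
    param([string]$Root)
    $acl  = Get-Acl -LiteralPath $Root -Audit
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone', 'ReadData', 'ContainerInherit,ObjectInherit', 'None', 'Success,Failure')
    $acl.AddAuditRule($rule)
    Set-Acl -LiteralPath $Root -AclObject $acl
}

$findings = @(Get-UnexpectedReader -Root $ProjectRoot -AllowedPrincipals $Allowed)
$findings | Sort-Object Path, Principal | Format-Table -AutoSize
if ($EnableAudit) { Enable-ReadAuditing -Root $ProjectRoot }
```

Run the same check against any file share or backup staging location that holds copies of the project files, since the advisory lists those as access paths too.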
CVEs (1)