OTPulse
FeedAboutContact

National Instruments CompactRIO

Monitor7.5ICS-CERT ICSA-20-338-01Dec 3, 2020
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

National Instruments CompactRIO controllers with driver version earlier than 20.5 contain an improper file permissions vulnerability in the Safe Mode startup process. The vulnerability allows an unauthenticated attacker on the network to trigger a remote reboot of the device. Affected CompactRIO firmware versions are those earlier than v8.5. The vulnerability resides in the default permissions assigned during Safe Mode initialization, where a reboot is initiated without proper access controls.

What this means
What could happen
An attacker with network access to a CompactRIO controller could force it to reboot remotely, causing interruption to real-time control processes and data acquisition running on the device.
Who's at risk
Water utilities and municipal electric systems that use National Instruments CompactRIO controllers for real-time process monitoring and control (SCADA data acquisition, PLC-like functions) running drivers earlier than version 20.5.
How it could be exploited
An attacker on the network sends a specially crafted request to the CompactRIO device on its management port. The vulnerable Safe Mode startup process does not properly validate file permissions, allowing the attacker to trigger a reboot without authentication.
Prerequisites
  • Network access to the CompactRIO device (typically port-based, requires device to be reachable from attacker's network segment)
  • No authentication credentials required
remotely exploitableno authentication requiredlow complexityaffects operational control systemscauses denial of service (reboot)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
CompactRIO - CompactRIO: Driver< 20.5No fix yet
Remediation & Mitigation
0/5
Do now
0/1
HARDENINGRestrict network access to CompactRIO devices using firewall rules; ensure they are not reachable from the Internet or corporate business network
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate CompactRIO firmware to v8.5 or higher on all affected controllers
HOTFIXUpdate the NI CompactRIO Driver to version 20.5 or higher on host computers
HOTFIXFormat CompactRIO targets to factory defaults after firmware update to apply corrected Safe Mode permissions
Long-term hardening
0/1
HARDENINGIsolate CompactRIO control system network from corporate network using network segmentation
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/3cc36b01-842d-49f7-afe8-4886a57c48c5