Horner Automation Remote Compact Controller

Act Now9.8ICS-CERT ICSA-22-335-02Dec 1, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Horner Automation RCC 972 Remote Compact Controller contains vulnerabilities in credential storage and cryptographic implementation (CWE-326, CWE-321, CWE-1108) that allow an attacker with network access to extract stored credentials and obtain full control of the device. Successful exploitation could allow complete command execution on the controller.

What this means

What could happen

An attacker who gains access to the network could extract credentials from the RCC 972 and use them to take full control of the controller, potentially altering process logic, setpoints, or stopping operations entirely.

Who's at risk

This affects water authorities and utilities using Horner Automation Remote Compact Controller (RCC) 972 devices for process control, particularly those with RCC 972 controllers managing critical operations like pump control, tank level regulation, or distribution logic.

How it could be exploited

An attacker on the same network as the RCC 972 (or reaching it across the Internet if exposed) can exploit weak credential storage or weak cryptographic implementation to extract stored authentication credentials. Once credentials are obtained, the attacker can log in to the device and execute arbitrary commands or logic changes.

Prerequisites

Network access to the RCC 972 device or network it resides on
No valid credentials required for the credential extraction attack itself

Remotely exploitableNo authentication required for initial exploitationLow attack complexityCVSS critical (9.8)No patch currently availableFull compromise possible (read and write control of device operations)

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (1)

ProductAffected VersionsFix Status

Remote Compact Controller (RCC) 972 - RCC 972: Firmware15.415.60 or later

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate the RCC 972 and all control system networks behind firewalls and away from the business network

HARDENINGEnsure the RCC 972 is not accessible from the Internet

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate RCC 972 firmware to version 15.60 or later

HARDENINGIf remote access to the RCC 972 is required, implement access via VPN with current security patches

CVEs (3)

CVE-2022-2640 CVE-2022-2641 CVE-2022-2642

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/962faa9a-d430-4530-a7d7-8d2b7bdb7620