OTPulse

Rockwell Automation Enhanced HIM

Act Now | CVSS 9.6 | ICS-CERT ICSA-23-192-01 | Jul 11, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

A cross-site request forgery (CSRF) vulnerability in Rockwell Automation Enhanced HIM version 1.001 allows an attacker to perform unauthorized actions on the affected system. Successful exploitation could lead to sensitive information disclosure and full remote access to the affected products.

What this means
What could happen
An attacker could trick an authorized user into performing malicious actions, potentially gaining full control of the HIM system and access to sensitive operational or configuration data from your industrial network.
Who's at risk
Organizations running Rockwell Automation Enhanced HIM (version 1.001) are affected. This impacts manufacturing plants, water utilities, and electric facilities that rely on HIM systems for monitoring and controlling industrial processes. HIM systems are typically used by control room operators and engineers to visualize process data and issue commands to PLCs and other field devices.
How it could be exploited
An attacker crafts a malicious web page or email link that tricks an authenticated HIM user into clicking it while logged in. The attacker's site then performs unauthorized actions (such as creating admin accounts or downloading configuration files) on behalf of the victim's authenticated session.
Prerequisites
  • User must be logged into Enhanced HIM
  • User must click a malicious link or visit attacker-controlled web content while authenticated
  • HIM must be reachable over the network from where the user accesses it
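
A defender-side illustration of the request pattern described above, added here and not taken from the advisory or from Rockwell Automation: it flags state-changing requests to the HIM web interface that originate from another site. It assumes a reverse proxy or web gateway in front of the HIM that logs the Origin and Referer headers; the hostname, paths and log format are constructed for the example.

```python
from urllib.parse import urlsplit

# Assumption: operators reach the HIM web interface at this origin (hypothetical name).
TRUSTED_ORIGINS = {"https://him.plant.example"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample records, tab-separated: time, client, method, path, Origin, Referer.
# Hosts and paths are made up for illustration; "-" means the header was absent.
SAMPLE_LOG = """\
2023-07-11T08:01:12Z\t10.20.0.15\tGET\t/status\t-\thttps://him.plant.example/home
2023-07-11T08:02:40Z\t10.20.0.15\tPOST\t/settings\thttps://him.plant.example\thttps://him.plant.example/settings
2023-07-11T08:05:03Z\t10.20.0.15\tPOST\t/users\thttps://news.example.net\thttps://news.example.net/article
2023-07-11T08:06:47Z\t10.20.0.22\tPOST\t/settings\t-\thttps://mail.example.org/inbox
2023-07-11T08:09:10Z\t10.20.0.22\tDELETE\t/users/7\t-\t-
"""

def origin_of(url):
    """Reduce a URL to scheme://host[:port]; None if absent or unparseable."""
    if not url or url == "-":
        return None
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()

def classify(method, origin_hdr, referer_hdr):
    """Return 'ok', 'cross-site' or 'no-source' for one request."""
    if method.upper() not in STATE_CHANGING:
        return "ok"
    # Browsers send Origin on cross-site POSTs; fall back to Referer if it is missing.
    source = origin_of(origin_hdr) or origin_of(referer_hdr)
    if source is None:
        return "no-source"  # cannot be verified; review separately
    return "ok" if source in TRUSTED_ORIGINS else "cross-site"

def scan(log_text):
    """Return (time, client, method, path, verdict) for every non-ok request."""
    findings = []
    for line in log_text.splitlines():
        ts, client, method, path, origin, referer = line.split("\t")
        verdict = classify(method, origin, referer)
        if verdict != "ok":
            findings.append((ts, client, method, path, verdict))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A "cross-site" hit means a logged-in operator's browser sent a state-changing request from a page on another site, which is the behaviour this advisory describes; "no-source" entries usually come from non-browser clients and need manual review.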
  • Remotely exploitable
  • User interaction required (social engineering via link click)
  • Low complexity attack
  • Affects industrial control system visibility and command interface
  • No patch available yet for version 1.001 (users must upgrade to 1.002)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Enhanced HIM: 1.001 | 1.001 | 1.002
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Enhanced HIM to version 1.002 or later
Long-term hardening
HARDENING: Restrict network access to Enhanced HIM from the business network; isolate HIM systems behind firewalls on the control system network only
HARDENING: Ensure HIM is not accessible from the Internet
HARDENING: If remote access to HIM is required, use a secure VPN connection and keep the VPN software updated
HARDENING: Train users to avoid clicking suspicious links or opening unsolicited email attachments that could lead to malicious sites