ISaGRAF is a programming technology and execution environment used by industrial entities worldwide. It is owned by Rockwell Automation and, today is customized and extended for different controller devices that belong to various vendors.
Since the ISaGRAF framework requires adaptation from the end product vendor, it can be difficult to protect users. To find out that a product is vulnerable, the user needs to wait for Rockwell Automation to fix the vulnerabilities and release an advisory and then wait for the product’s vendor to do the same. In some cases, the ISaGRAF supply chain is even longer with third-party vendors. Complicated patching procedures make the remediation process even more difficult as security patches can only be installed during a specific period of time (scheduled maintenance window).
Kaspersky ICS CERT analyzed the ISaGRAF framework functionality and discovered nine vulnerabilities that can be exploited by a remote or local attacker – whose ultimate goal is to escape the restricted environment of ISaGRAF and take full control of the device. The research showed that a remote attacker could penetrate the system via the ISaGRAF eXchange Layer (IXL) protocol used to transfer data within the framework. Rockwell Automation has issued a security advisory, published an update to fix some of the vulnerabilities, and has suggested mitigation measures for others.
“The ISaGRAF Runtime environment is considered to be the essential programming tool used within different industries throughout the world, including those of national importance. At Kaspersky, we have discovered several vulnerabilities that might greatly affect this system and its functionality. Although the vendors issued security patches to fix the discovered issues, our report underscores how serious these vulnerabilities in third-party components can be. Once again, we’d like to draw the attention of the product’s vendors to the advisory and the need to act on it,” comments Evgeny Goncharov, Head of Kaspersky ICS CERT.
Learn more about the ISaGRAF framework and the uncovered vulnerabilities on Kaspersky’s ICS CERT website.
To keep your ICS computers protected from various threats, Kaspersky experts recommend:
About Kaspersky ICS CERT
Kaspersky Industrial Control Systems Cyber Emergency Response Team (Kaspersky ICS CERT) is a global project launched by Kaspersky in 2016 to coordinate the efforts of automation system vendors, industrial facility owners and operators, and IT security researchers to protect industrial enterprises from cyberattacks. Kaspersky ICS CERT devotes its efforts primarily to identifying potential and existing threats that target industrial automation systems and the Industrial Internet of Things. Kaspersky ICS CERT is an active member and partner of leading international organizations that develop recommendations on protecting industrial enterprises from cyberthreats. ics-cert.kaspersky.com.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com .
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.