www.cisa.gov
Open in
urlscan Pro
2600:141b:13:7af::447a
Public Scan
Submitted URL: https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04
Effective URL: https://www.cisa.gov/news-events/ics-advisories/icsa-19-050-04
Submission: On June 06 via api from IN — Scanned from US
Effective URL: https://www.cisa.gov/news-events/ics-advisories/icsa-19-050-04
Submission: On June 06 via api from IN — Scanned from US
Form analysis 2 forms found in the DOM
<form class="gsc-search-box gsc-search-box-tools" accept-charset="utf-8">
<table cellspacing="0" cellpadding="0" role="presentation" class="gsc-search-box">
<tbody>
<tr>
<td class="gsc-input">
<div class="gsc-input-box" id="gsc-iw-id1">
<table cellspacing="0" cellpadding="0" role="presentation" id="gs_id50" class="gstl_50 gsc-input" style="width: 100%; padding: 0px;">
<tbody>
<tr>
<td id="gs_tti50" class="gsib_a"><input autocomplete="off" type="text" size="10" class="gsc-input" name="search" title="search" aria-label="search" id="gsc-i-id1" dir="ltr" spellcheck="false"
style="width: 100%; padding: 0px; border: none; margin: 0px; height: auto; outline: none;"></td>
<td class="gsib_b">
<div class="gsst_b" id="gs_st50" dir="ltr"><a class="gsst_a" href="javascript:void(0)" title="Clear search box" role="button" style="display: none;"><span class="gscb_a" id="gs_cb50" aria-hidden="true">×</span></a></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td class="gsc-search-button"><button class="gsc-search-button gsc-search-button-v2"><svg width="13" height="13" viewBox="0 0 13 13">
<title>search</title>
<path
d="m4.8495 7.8226c0.82666 0 1.5262-0.29146 2.0985-0.87438 0.57232-0.58292 0.86378-1.2877 0.87438-2.1144 0.010599-0.82666-0.28086-1.5262-0.87438-2.0985-0.59352-0.57232-1.293-0.86378-2.0985-0.87438-0.8055-0.010599-1.5103 0.28086-2.1144 0.87438-0.60414 0.59352-0.8956 1.293-0.87438 2.0985 0.021197 0.8055 0.31266 1.5103 0.87438 2.1144 0.56172 0.60414 1.2665 0.8956 2.1144 0.87438zm4.4695 0.2115 3.681 3.6819-1.259 1.284-3.6817-3.7 0.0019784-0.69479-0.090043-0.098846c-0.87973 0.76087-1.92 1.1413-3.1207 1.1413-1.3553 0-2.5025-0.46363-3.4417-1.3909s-1.4088-2.0686-1.4088-3.4239c0-1.3553 0.4696-2.4966 1.4088-3.4239 0.9392-0.92727 2.0864-1.3969 3.4417-1.4088 1.3553-0.011889 2.4906 0.45771 3.406 1.4088 0.9154 0.95107 1.379 2.0924 1.3909 3.4239 0 1.2126-0.38043 2.2588-1.1413 3.1385l0.098834 0.090049z">
</path>
</svg></button></td>
<td class="gsc-clear-button">
<div class="gsc-clear-button" title="clear results"> </div>
</td>
</tr>
</tbody>
</table>
</form><form class="gsc-search-box gsc-search-box-tools" accept-charset="utf-8">
<table cellspacing="0" cellpadding="0" role="presentation" class="gsc-search-box">
<tbody>
<tr>
<td class="gsc-input">
<div class="gsc-input-box" id="gsc-iw-id2">
<table cellspacing="0" cellpadding="0" role="presentation" id="gs_id51" class="gstl_51 gsc-input" style="width: 100%; padding: 0px;">
<tbody>
<tr>
<td id="gs_tti51" class="gsib_a"><input autocomplete="off" type="text" size="10" class="gsc-input" name="search" title="search" aria-label="search" id="gsc-i-id2" dir="ltr" spellcheck="false"
style="width: 100%; padding: 0px; border: none; margin: 0px; height: auto; outline: none;"></td>
<td class="gsib_b">
<div class="gsst_b" id="gs_st51" dir="ltr"><a class="gsst_a" href="javascript:void(0)" title="Clear search box" role="button" style="display: none;"><span class="gscb_a" id="gs_cb51" aria-hidden="true">×</span></a></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td class="gsc-search-button"><button class="gsc-search-button gsc-search-button-v2"><svg width="13" height="13" viewBox="0 0 13 13">
<title>search</title>
<path
d="m4.8495 7.8226c0.82666 0 1.5262-0.29146 2.0985-0.87438 0.57232-0.58292 0.86378-1.2877 0.87438-2.1144 0.010599-0.82666-0.28086-1.5262-0.87438-2.0985-0.59352-0.57232-1.293-0.86378-2.0985-0.87438-0.8055-0.010599-1.5103 0.28086-2.1144 0.87438-0.60414 0.59352-0.8956 1.293-0.87438 2.0985 0.021197 0.8055 0.31266 1.5103 0.87438 2.1144 0.56172 0.60414 1.2665 0.8956 2.1144 0.87438zm4.4695 0.2115 3.681 3.6819-1.259 1.284-3.6817-3.7 0.0019784-0.69479-0.090043-0.098846c-0.87973 0.76087-1.92 1.1413-3.1207 1.1413-1.3553 0-2.5025-0.46363-3.4417-1.3909s-1.4088-2.0686-1.4088-3.4239c0-1.3553 0.4696-2.4966 1.4088-3.4239 0.9392-0.92727 2.0864-1.3969 3.4417-1.4088 1.3553-0.011889 2.4906 0.45771 3.406 1.4088 0.9154 0.95107 1.379 2.0924 1.3909 3.4239 0 1.2126-0.38043 2.2588-1.1413 3.1385l0.098834 0.090049z">
</path>
</svg></button></td>
<td class="gsc-clear-button">
<div class="gsc-clear-button" title="clear results"> </div>
</td>
</tr>
</tbody>
</table>
</form>Text Content
Skip to main content
An official website of the United States government
Here’s how you know
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United
States.
Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the
.gov website. Share sensitive information only on official, secure websites.
Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency
Search
×
search
Menu
Close
×
search
* Topics
Topics
Cybersecurity Best Practices
Cyber Threats and Advisories
Critical Infrastructure Security and Resilience
Election Security
Emergency Communications
Industrial Control Systems
Information and Communications Technology Supply Chain Security
Partnerships and Collaboration
Physical Security
Risk Management
How can we help?
GovernmentEducational InstitutionsIndustryState, Local, Tribal, and
TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help
Locally
* Spotlight
* Resources & Tools
Resources & Tools
All Resources & Tools
Services
Programs
Resources
Training
Groups
* News & Events
News & Events
News
Events
Cybersecurity Alerts & Advisories
Directives
Request a CISA Speaker
Congressional Testimony
* Careers
Careers
Benefits & Perks
HireVue Applicant Reasonable Accommodations Process
Hiring
Resume & Application Tips
Students & Recent Graduates
Veteran and Military Spouses
Work @ CISA
* About
About
Culture
Divisions & Offices
Regions
Leadership
Doing Business with CISA
Contact Us
Site Links
Reporting Employee and Contractor Misconduct
CISA GitHub
Report a Cyber Issue
America's Cyber Defense Agency
Breadcrumb
1. Home
2. News & Events
3. Cybersecurity Advisories
4. ICS Advisory
Share:
ICS Advisory
ROCKWELL AUTOMATION ALLEN-BRADLEY POWERMONITOR 1000 (UPDATE A)
Last Revised
September 05, 2019
Alert Code
ICSA-19-050-04
1. EXECUTIVE SUMMARY
* CVSS v3 9.8
* ATTENTION: Exploitable remotely/low skill level to exploit/public exploits
are available
* Vendor: Rockwell Automation
* Equipment: Allen-Bradley PowerMonitor 1000
* Vulnerabilities: Cross-site Scripting and Authentication Bypass
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled
ICSA-19-050-04 Rockwell Automation Allen-Bradley PowerMonitor 1000 that was
published February 9, 2019, on the ICS webpage on us-cert.gov.
3. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a remote attacker
to affect the confidentiality, integrity, and availability of the device.
4. TECHNICAL DETAILS
4.1 AFFECTED PRODUCTS
The following versions of PowerMonitor 1000, a monitoring platform, are
affected:
* PowerMonitor 1000, all versions.
4.2 VULNERABILITY OVERVIEW
4.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION
('CROSS-SITE SCRIPTING') CWE-79(link is external)
A remote attacker could inject arbitrary code into a targeted user’s web browser
to gain access to the affected device.
CVE-2018-19615 has been assigned to this vulnerability. A CVSS v3 base score of
6.1 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N(link is external)).
4.2.2 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288(link
is external)
A remote attacker may be able to use a proxy to enable functionality that is
typically available to those with administrative rights for the web application,
allowing the attacker to bypass authentication. Once bypassed, the attacker
could disrupt user settings and device configuration.
CVE-2018-19616 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H(link is external)).
4.3 BACKGROUND
* CRITICAL INFRASTRUCTURE SECTORS: Energy
* COUNTRIES/AREAS DEPLOYED: Worldwide
* COMPANY HEADQUARTERS LOCATION: United States
4.4 RESEARCHER
Luca Chiou of ACSI reported these vulnerabilities to NCCIC.
5. MITIGATIONS
--------- Begin Update A Part 1 of 1 --------
Rockwell Automation has released FRN 4.019(link is external), which addresses
the reported vulnerabilities.
Rockwell Automation reports CheckPoint Software Technologies has released IPS
rules to detect attempts to exploit CVE-2018-19615.
In the event a user can not apply the FRN 4.019 patch, Rockwell Automation notes
users can temporarily mitigate these vulnerabilities by disabling the FTP port
using the LCD configuration menu or in the configuration options. Users can also
disable access to the webpage using the LCD screen configuration menu or in the
configuration options.
For more information, Rockwell Automation has released a security
notification(link is external) (login required).
--------- End Update A Part 1 of 1 --------
CISA recommends users take defensive measures to minimize the risk of
exploitation of these vulnerabilities. Specifically, users should:
* Minimize network exposure for all control system devices and/or systems, and
ensure they are not accessible from the Internet.
* Locate control system networks and remote devices behind firewalls and
isolate them from the business network.
* When remote access is required, use secure methods, such as Virtual Private
Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be
updated to the most current version available. Also recognize that VPN is
only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment
prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.gov. Several recommended practices are available
for reading and download, including Improving Industrial Control Systems
Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.
Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.
VENDOR
Rockwell Automation
PLEASE SHARE YOUR THOUGHTS
We recently updated our anonymous product survey; we’d welcome your feedback.
RELATED ADVISORIES
Jun 01, 2023
ICS Advisory | ICSA-23-152-01
ADVANTECH WEBACCESS/SCADA
Jun 01, 2023
ICS Advisory | ICSA-23-152-02
HID GLOBAL SAFE
May 30, 2023
ICS Advisory | ICSA-23-150-01
ADVANTECH WEBACCESS/SCADA
May 25, 2023
ICS Advisory | ICSA-23-145-01
MOXA MXSECURITY SERIES
Return to top
* Topics
* Spotlight
* Resources & Tools
* News & Events
* Careers
* About
Cybersecurity & Infrastructure Security Agency
* Facebook
* Twitter
* LinkedIn
* YouTube
* Instagram
* RSS
CISA Central 888-282-0870 Central@cisa.dhs.gov(link sends email)
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
* About CISA
* Accessibility
* Budget and Performance
* DHS.gov
* FOIA Requests
* No FEAR Act
* Office of Inspector General
* Privacy Policy
* Subscribe
* The White House
* USA.gov
* Website Feedback