CVE-2015-1010
Rockwell Automation has produced a patch to mitigate a password encryption vulnerability in RSView32.
Information Security Analysts Vladimir Dashchenko and Dmitry Dementjev of the Ural Security System Center (USSC) reported this vulnerability directly to Rockwell Automation.
Rockwell Automation, which is a US-based company, provides industrial automation control and information products across a wide range of industries.
The affected product, RSView32, is an HMI system used for monitoring and controlling automation machines and processes.
According to Rockwell Automation, RSView32 is deployed across several sectors including Critical Manufacturing, Energy, Water and Wastewater Systems, and others. Rockwell Automation estimates that these products are used worldwide.
RSView32 – 7.60.00 (CPR9 SR4) and all prior versions are affected.
An attacker who exploits this vulnerability may be able to gain access to user-defined passwords due to the use of weak encryption.
Local access is required to exploit this vulnerability.
