B&R Automation is an Austrian automation company that offers industrial PC, HMI, PLC, protection, motion control, and communication products. Automation Studio is an automation system that covers every aspect off production and run-time environment, including power, HMIs, operation, and security. According to the United States, The Company’s products are used globally, in particular in the oil, chemical, and critical industries, Cybersecurity and Infrastructure Security Agency (CISA). CISA released an alert last week to warn organizations about vulnerabilities. Researchers from the industrial cybersecurity company Claroty have found that Version 4 of B&R Automation Studio has three vulnerabilities, which can be very useful to malicious hackers who have access to the Industrial Control Systems (ICS) of a target organization. Preminger identified a scenario in which an assailant with access to the Automation Studio network would perform a DNS poisoning attack on engineering machines and claim to be the B&R update server. The attacker will then use the weakness to execute code to compromise such engineering workstations. The expert added, “This attack is based on hijacking a domain, which becomes much easier if the attacker has gained access to a closed ICS network, where often there are no DNS servers to respond to the client, and Windows will fallback to local discovery protocols which are easier to deceive.” B&R said it did not find any evidence that any of these vulnerabilities were used for malicious purposes. The vendor has released patches for some of the versions affected and is working on updates for the other versions. It also shared some tips on how to avoid attacks.
