Static Encryption Key Vulnerability in RCC 972 by Horner Automation
CVE-2022-2641
9.8 CRITICAL
What is CVE-2022-2641?
The RCC 972 device from Horner Automation, specifically with firmware version 15.40, is affected by a significant security flaw: the presence of a static encryption key. An attacker who exploits this weakness could potentially make unauthorized changes to the device, execute arbitrary code remotely, or cause a denial-of-service condition. Because such devices remain crucial in industrial settings, addressing this security issue promptly is essential to safeguard operational integrity.
Affected Version(s)
Remote Compact Controller (RCC) 972 Firmware Version 15.40
References
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
m1etz reported these vulnerabilities through the Computer Emergency Response Team, CERT-Bund, to CISA
