PatchSiren cyber security CVE debrief
CVE-2019-18276 Rockwell Automation CVE debrief
CVE-2019-18276 is a HIGH severity vulnerability (CVSS 7.8) affecting Rockwell Automation DataMosaix Private Cloud versions 7.07 and earlier. The vulnerability stems from the product's use of GNU Bash through 5.0 patch 11, specifically in the disable_priv_mode function within shell.c. A threat actor with existing shell command execution capabilities can leverage the 'enable -f' mechanism for runtime loading to escalate privileges, potentially achieving remote code execution. This CVE was published on October 10, 2024, as part of CISA's coordinated disclosure process documented in advisory ICSA-24-284-16. The vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Rockwell Automation has released version 7.09 to address this issue.
- Vendor: Rockwell Automation
- Product: DataMosaix Private Cloud
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-10-10
- Original CVE updated: 2024-10-10
- Advisory published: 2024-10-10
- Advisory updated: 2024-10-10
Who should care
Organizations operating Rockwell Automation DataMosaix Private Cloud in industrial environments, particularly those in critical infrastructure sectors. Security teams responsible for OT/ICS asset management, patch management personnel, and network defenders monitoring industrial control systems should prioritize assessment and remediation.
Technical summary
The vulnerability exists in the disable_priv_mode function within shell.c of GNU Bash versions through 5.0 patch 11, which is utilized by DataMosaix Private Cloud. An attacker with existing shell command execution can use the 'enable -f' built-in command to load arbitrary shared objects at runtime, bypassing intended privilege restrictions. This enables privilege escalation and potential remote code execution. The attack requires local access or prior compromise to obtain shell execution (Attack Vector: Local, Attack Complexity: Low, Privileges Required: Low).
Defensive priority
HIGH
Recommended defensive actions
- Update Rockwell Automation DataMosaix Private Cloud to version 7.09 or later to remediate this vulnerability
- Apply CISA ICS recommended practices for network segmentation and defense-in-depth strategies for industrial control systems
- Review Rockwell Automation security advisories for additional mitigation guidance specific to your deployment
- Implement the principle of least privilege for shell access and restrict command execution capabilities where possible
- Monitor for anomalous shell activity and privilege escalation attempts on affected systems prior to patching
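The version range and the 'enable -f' indicator from the technical summary, turned into a small triage script. This is an added example, not Rockwell Automation or CISA tooling; the function names, the regular expression and the sample history lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for CVE-2019-18276 (illustrative, not vendor code).

# bash_version_affected VERSION  (hypothetical helper)
# 0 = inside "GNU Bash through 5.0 patch 11", 1 = above that range,
# 2 = unparseable. Applies the advisory's range literally; distributions may
# backport fixes without changing the string, so confirm with the package vendor.
bash_version_affected() {
    v=${1%%[!0-9.]*}                     # drop a "(1)-release" style suffix
    case "$v" in *.*) ;; *) return 2 ;; esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}
    case "$rest" in *.*) patch=${rest#*.}; patch=${patch%%.*} ;; *) patch=0 ;; esac
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -lt 5 ] && return 0
    [ "$major" -gt 5 ] && return 1
    [ "$minor" -gt 0 ] && return 1
    [ "$patch" -le 11 ]
}

# Reads history-style lines (one command per line) on stdin and prints
# "lineno:command" for each use of the enable builtin with -f (runtime loading).
ENABLE_F_RE="(^|[;&|(\"'])[[:space:]]*(builtin[[:space:]]+)?enable[[:space:]]+(-[a-z]+[[:space:]]+)*-[a-z]*f"
find_enable_f() { grep -nE "$ENABLE_F_RE" || true; }

sample_history() {   # constructed sample input, not real telemetry
    cat <<'EOF'
ls -la /opt/app
enable -f /opt/example/libhelper.so helper
systemctl enable -f example.service
cd /var/tmp && builtin enable -n -f ./mod.so mod
enable -n test
EOF
}

ver=$(bash -c 'printf %s "$BASH_VERSION"' 2>/dev/null || true)
rc=0; bash_version_affected "$ver" || rc=$?
case $rc in
    0) echo "bash $ver: inside the advisory's range (through 5.0 patch 11)" ;;
    1) echo "bash $ver: above the advisory's range; confirm fix status with the vendor" ;;
    *) echo "bash version could not be determined" ;;
esac
sample_history | find_enable_f
```

Because enable is a shell builtin, process-execution telemetry records it only when it appears inside a command string such as an argument to bash -c; shell history or command logging is the more direct source for this check.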
Evidence notes
The vulnerability description is derived from CISA CSAF source data indicating DataMosaix Private Cloud uses vulnerable GNU Bash versions. The affected product version is confirmed as <=7.07 in the CSAF product tree. Remediation guidance specifies version 7.09 as the fixed release.
Official resources
- CVE-2019-18276 CVE record (CVE.org)
- CVE-2019-18276 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published advisory ICSA-24-284-16 on October 10, 2024, coordinating disclosure of this vulnerability affecting industrial control systems.