← Back to home
ICSA-24-319-13  ·  Published 2024-11-18  ·  View on CISA ICS-CERT ↗

Rockwell Automation Verve Reporting (Update A)

CVSS 7.2 HIGH

Risk Summary

Successful exploitation of this vulnerability could lead to arbitrary code execution.

CVEs (1)

Remediations

  • Rockwell recommends users to apply the following mitigation and follow their security best practices:
  • Restrict Access to Built-in Verve Account
  • Access to the built-in "verve" account should be limited to only administrators who need to perform administrative functions and should only be used for administrative purposes. Separate accounts should be used for day-to-day functions.
  • Change the password for the built-in "verve" account if it has been shared.
  • Restrict Privileges for Other Accounts *-* Verve Reporting comes with built-in roles to simplify the delegation of user permissions. Assigning a user the following two roles will allow them access to most Verve Reporting features (excluding user administration), but will not give them permission to execute this vulnerability. *-* Role: all-all *-* Role: feature-all-all
  • Verve Reporting comes with built-in roles to simplify the delegation of user permissions. Assigning a user the following two roles will allow them access to most Verve Reporting features (excluding user administration), but will not give them permission to execute this vulnerability. *-* Role: all-all *-* Role: feature-all-all
  • all-all
  • feature-all-all
  • Disable Machine Learning *-* Machine learning can be disabled in the Elasticsearch configuration override. Contact Verve support for assistance if needed. *-* Connect to the Reporting server via SSH or terminal. *-* Copy the Elasticsearch configuration override to the working directory. *-* docker exec $(docker ps --filter "name=Reporting_elasticsearch" --format "{{ .ID }}") cat /usr/share/elasticsearch/config-templates/elasticsearch.override.yml > elasticsearch.override.yml *-* *-* *-* Add the following line and save. *-* xpack.ml.enabled: false *-* *-* *-* Disable Verve Reporting from the Verve Software Manager. *-* Update the Elasticsearch configuration override. *-* docker config rm elasticsearchymloverride *-* docker config create elasticsearchymloverride ./elasticsearch.override.yml *-* *-* *-* Enable Verve Reporting from the Verve Software Manager and confirm that the application starts and "Machine Learning" is no longer listed in the main navigation bar under Analytics. *-* Delete the copy of the Elasticsearch configuration override. *-* rm elasticsearch.override.yml
  • Machine learning can be disabled in the Elasticsearch configuration override. Contact Verve support for assistance if needed. *-* Connect to the Reporting server via SSH or terminal. *-* Copy the Elasticsearch configuration override to the working directory. *-* docker exec $(docker ps --filter "name=Reporting_elasticsearch" --format "{{ .ID }}") cat /usr/share/elasticsearch/config-templates/elasticsearch.override.yml > elasticsearch.override.yml *-* *-* *-* Add the following line and save. *-* xpack.ml.enabled: false *-* *-* *-* Disable Verve Reporting from the Verve Software Manager. *-* Update the Elasticsearch configuration override. *-* docker config rm elasticsearchymloverride *-* docker config create elasticsearchymloverride ./elasticsearch.override.yml *-* *-* *-* Enable Verve Reporting from the Verve Software Manager and confirm that the application starts and "Machine Learning" is no longer listed in the main navigation bar under Analytics. *-* Delete the copy of the Elasticsearch configuration override. *-* rm elasticsearch.override.yml
  • Connect to the Reporting server via SSH or terminal.
  • Copy the Elasticsearch configuration override to the working directory. *-* docker exec $(docker ps --filter "name=Reporting_elasticsearch" --format "{{ .ID }}") cat /usr/share/elasticsearch/config-templates/elasticsearch.override.yml > elasticsearch.override.yml
  • docker exec $(docker ps --filter "name=Reporting_elasticsearch" --format "{{ .ID }}") cat /usr/share/elasticsearch/config-templates/elasticsearch.override.yml > elasticsearch.override.yml
  • Add the following line and save. *-* xpack.ml.enabled: false
  • xpack.ml.enabled: false
  • Disable Verve Reporting from the Verve Software Manager.
  • Update the Elasticsearch configuration override. *-* docker config rm elasticsearchymloverride *-* docker config create elasticsearchymloverride ./elasticsearch.override.yml
  • docker config rm elasticsearchymloverride
  • docker config create elasticsearchymloverride ./elasticsearch.override.yml
  • Enable Verve Reporting from the Verve Software Manager and confirm that the application starts and "Machine Learning" is no longer listed in the main navigation bar under Analytics.
  • Delete the copy of the Elasticsearch configuration override. *-* rm elasticsearch.override.yml
  • rm elasticsearch.override.yml
  • Security Best Practices
  • For more information, please see the Rockwell Automation security advisory.

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · Verve Reporting <1.39

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more