- "Halt the system's operation (Denial of Service)
- Gain unauthorized access with high privileges to the system
- Leverage these vulnerabilities to attempt to find additional vulnerabilities in the server…."

Neither the discoverer of the vulnerability, Eyal Udassin from C4 Security, nor Rockwell Automation is publicly discussing the details of the vulnerability. Why they won't tell me (who couldn't identify a MicroLogix controller sitting on the table) or the local hacker society the details of the problem is beyond belief…. (tongue firmly in cheek).

Rockwell Automation is working directly with potentially affected device owners to resolve the issue. If your facility has one or more of these controllers on site, contact your supplier immediately. C4 Security will discuss the issue with verified owners (contact them at info_at_c4-security.com).

Interestingly, I can find no mention of this issue on either the Rockwell web site or the CERT website.

One final note: this would be a good question for DHS inspectors to ask at SSP inspections or site visits when the issue of cyber security comes up.