Late Friday afternoon the folks at DHS ICS-CERT published an advisory on a fault generation vulnerability on the Rockwell Automation Allen-Bradley MicroLogix, SLC 500, and PLC-5 controllers. The vulnerability was reported by Matthew Luallen of CYBATI in a coordinated disclosure.
According to the Advisory, a relatively low-skilled attacker could execute a denial of service attack using this vulnerability, though there is no known publicly available exploit. The vulnerability becomes exploitable when “certain configuration parameters are not enabled”. For the SLC 500 controller the vulnerability can be avoided if the Status file is set to “Static”. For the PLC-5 controller the vulnerability can be avoided if the ‘Password and Privileges’ feature is enabled. The Advisory does not outline any settings that would avoid the vulnerability in the MicroLogix controllers, due to “technical limitations of the platform”, though additional work is ongoing.
In addition, the Advisory lists the standard ICS-CERT recommendations for isolating the devices from outside contact, with the Rockwell-specific addition of “restricting or blocking access to both TCP and UDP Port# 2222 and Port 44818 using appropriate security technology”. Rockwell also offers specialized, consultative services through its Network & Security Services team.
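
One way to check that a firewall in front of the controllers covers all four protocol/port combinations from the quoted recommendation. This is an example added here, not part of the Advisory or any Rockwell tooling. It assumes the "appropriate security technology" is a Linux gateway whose rules are available as `iptables-save` output; the function names, the `FORWARD` chain choice and the sample addresses are constructed for illustration.

```python
import re

# Protocol/port pairs named in the Advisory's quoted recommendation.
REQUIRED = {(p, n) for p in ("tcp", "udp") for n in (2222, 44818)}
RULE = re.compile(r"^-A (\S+) (.*?)-j (\S+)")

def _covers(body, port):
    """True if the rule's --dport/--dports match (or lack of one) includes port."""
    m = re.search(r"--dports? (\S+)", body)
    if not m:
        return True  # no port match: the rule applies to every port
    for part in m.group(1).split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit(ruleset, chain="FORWARD"):
    """Return (unblocked pairs, ACCEPT rules to review); ignores rule order and addresses."""
    blocked, exceptions = set(), []
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith(f":{chain} DROP"):
            blocked |= REQUIRED  # chain policy drops anything not accepted
        m = RULE.match(line)
        if not m or m.group(1) != chain:
            continue
        body, target = m.group(2), m.group(3)
        proto = re.search(r"(?:^|\s)-p (\S+)", body)
        hit = {(p, n) for p, n in REQUIRED
               if (proto is None or proto.group(1) == p) and _covers(body, n)}
        if target in ("DROP", "REJECT"):
            blocked |= hit
        elif target == "ACCEPT" and hit:
            exceptions.append(line)  # allowed path to the controller: review it
    return REQUIRED - blocked, exceptions

# Constructed iptables-save excerpt: the UDP 2222 rule was forgotten.
SAMPLE = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.20.0.5/32 -p tcp -m tcp --dport 44818 -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 2222,44818 -j DROP
-A FORWARD -p udp -m udp --dport 44818 -j DROP
COMMIT
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The first element of the result lists protocol/port pairs with no blocking rule at all; the second lists ACCEPT rules that reach those ports, which should each correspond to a known engineering workstation or HMI.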