Today the DHS ICS-CERT published an industrial control system security advisory for the Rockwell Automation MicroLogix 1400 programmable logic controllers (PLC). The advisory describes an execution with unnecessary privileges vulnerability in the PLC due to the use of the Simple Network Management Protocol (SNMP) to manage the product’s firmware, including the capability of applying firmware updates to the product.
ICS-CERT reports that a relatively unskilled attacker could remotely exploit the vulnerability to make unauthorized changes to the product’s configuration, including firmware updates.
ICS-CERT reports that due to the nature of this product’s firmware update process, this capability cannot be removed from the product. The advisory provides a series of mitigating measures to reduce risk of this capability being used by a malicious actor.
Important Question – What other ICS devices use the same SNMP protocol?