Tuesday, January 19, 2010

AB Micrologix Vulnerability

On Saturday Walt Boyes from ControlGlobal.com re-published an alert (I must have missed it on the SCADASEC Listserv) about a recently identified security vulnerability in the 1100 and 1400 series Micrologix controllers that allows an outside to gain unauthorized control of these controllers. According to the alert this control would allow an attacker to:
“Halt the system's operation (Denial of Service) “Gain unauthorized access with high privileges to the system “Leverage these vulnerabilities to attempt to find additional vulnerabilities in the server….”
Neither the discoverer of the vulnerability, Eyal Udassin from C4 Security, nor Rockwell Automation are publicly discussing the details of the vulnerability. Why they won’t tell me (who couldn’t identify a Micrologix controller sitting on the table) or the local hacker society the details of the problem is beyond belief…. (tongue firmly in cheek). Rockwell Automation is working directly with potentially affected device owners to resolve the issue. If your facility has one or more of these controllers on site, contact your supplier immediately. C4 Security will discuss the issue with verified owners (contact them at info_at_c4-security.com). Interestingly I can find no mention of this issue on either the Rockwell web site or the CERT website. One final note; this would be a good question for DHS inspectors to ask about at SSP inspections or site visits when the issue of cyber security comes up.

1 comment:

Keith Lester said...

Rockwell Automation posted a TechNote on MicroLogix vulnerability in early January 2010

http://rockwellautomation.custhelp.com/app/answers/detail/a_id/65980/kw/65980/r_id/113025

 
/* Use this with templates/template-twocol.html */