Monday, September 19, 2011

ICS-CERT Updates Rockwell RSLogix Alert

Today the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published an updated version of the Alert it issued last week for the Rockwell RSLogix overflow vulnerability. The update provides additional information about the systems affected and interim mitigation measures to be taken pending the publication of a patch within the next two weeks.

Rockwell notes that their RSLogix 5000 supports “Allen-Bradley ControlLogix and GuardLogix family of programmable controllers” (pg 2). They recommend that operators configure firewalls to block a number of specific TCP ports beyond the one identified in the original alert. Additionally, they have published two separate security advisories about the matter at and at.

Rockwell is to be commended for their quick response and their willingness to identify additional TCP ports that are presumably vulnerable to similar types of attacks. Hopefully, they have communicated this information directly to their customers and other vendors that use their RSLogix 5000 in OEM applications.
