Late Friday afternoon the folks at DHS ICS-CERT published an
advisory on a fault generation vulnerability on the Rockwell Automation
Allen-Bradley MicroLogix, SLC 500, and PLC-5 controllers. The vulnerability was
reported by Matthew Luallen of CYBATI in a coordinated disclosure.
According to the Advisory a relatively low skilled attacker
could execute a denial of service attack using this vulnerability, though there
is no known publicly available exploit. This vulnerability becomes exploitable
when “certain configuration parameters are not
enabled”. For the SLC-500 controller the vulnerability can be avoided if the
Status file is set to “Static”. For the PLC-5 controller the vulnerability can
be avoided if the ‘Password and Privileges’ feature is enabled. There is
nothing in the Advisory that outlines the settings that could avoid the
vulnerability in the MicroLogic controllers due to “technical limitations of
the platform”, though additional work is ongoing.
In addition the Advisory
lists the standard ICS-CERT recommendations for isolating the devices from
outside contact with the Rockwell specific additions of “restricting or
blocking access to both TCP and UDP Port# 2222 and Port 44818 using appropriate
security technology”. Rockwell also offers Rockwell
Automation’s Network & Security Services team for specialized,
consultative services.
Posts
No comments:
Post a Comment