Secure remote access is also suggested at a minimum, using a VPN to connect to a device. Control systems, Rockwell said, should be behind firewalls and isolated from other networks whenever feasible. Rockwell Automation also recommends a number of generic mitigations to blunt the effects of this vulnerability, starting with proper network segmentation and security controls such as minimizing exposure of control systems to the network or the internet. CIP Security prevents unauthorized connections when deployed properly.
Rockwell Automation recommends a number of specific mitigations including putting the controller's mode switch to "Run" mode and deploying CIP Security for Logix Designer connections. An attacker with this key could mimic a workstation and therefore be able to manipulate configurations or code running on the PLC (upload/download logic), and directly impact a manufacturing process.Īffected versions include: Rockwell's Studio 5000 Logix Designer (versions 21 and later) and RSLogix 5000 (versions 16-20), as well as Rockwell Logix Controllers (CompactLogix 1768, 1769, 5370, 5380, 5480, 5550, 5560, 5570, 5580), Drive Logix (5560, 5730, 1794-元4), Compact GuardLogix (53), GuardLogix (55), and SoftLogix 5800.Īn advisory published Thursday by the Industrial Control System Cyber Emergency Response Team (ICS-CERT), describes the vulnerability as requiring low skill level to exploit.Ĭlaroty privately disclosed the flaw to Rockwell in 2019 researchers from South Korea's Soonchunhyang University's Lab of Information Systems Security Assurance, and Kaspersky Lab, were also credited by ICS-CERT as having independently discovered the vulnerability.
These secret keys digitally sign all communication with the Rockwell PLCs the PLCs verify the signature and authorize communication between it and the Rockwell engineering software. If successfully exploited, this vulnerability could allow a remote, unauthenticated attacker to bypass this verification mechanism and connect to Logix controllers.Īn attacker who is able to extract the secret key would be able to authenticate to any Rockwell Logix controller. This key is used to verify communication between Rockwell Logix controllers and their engineering stations. The vulnerability lies in the fact that Studio 5000 Logix Designer software may allow a secret cryptographic key to be discovered. The vulnerability affects Studio 5000 Logix Designer, RSLogix 5000, and many Logix Controllers.Įxploiting this flaw enables an attacker to remotely connect to almost any of the company's Logix programmable logic controllers (PLCs), and upload malicious code, download information from the PLC, or install new firmware. The Claroty Research Team has discovered a severe vulnerability (CVE-2021-22681, CVSS 10.0) in a mechanism that verifies communication between Rockwell Automation PLCs and engineering stations.
0 kommentar(er)
