No known public exploits specifically target this vulnerability. This vulnerability could be exploited remotely. e - End Update B Part 2 of 3 - VULNERABILITY DETAILS EXPLOITABILITY A CVSS v2 base score of 7.1 has been assigned the CVSS vector string is (AV:N/AC:M/Au:N/C:N/I:N/A:C). Physical interaction is required to recover the device.
An attack will be successful regardless of controller’s mode switch setting. This creates a device fault, which in turn causes a DoS.Īttackers sending malicious packets to Port 2222 TCP/UDP and Port 44818 TCP/UDP will cause the device fault. To exploit the vulnerability, the attacker sends specially crafted messages that change specific bits in status files. When certain configuration parameters are not enabled, the affected devices are susceptible to a remote attack.
.jpg "rslogix 500 plc")
VULNERABILITY CHARACTERIZATION VULNERABILITY OVERVIEW According to Rockwell’s web site, these products are used in Germany, Czech Republic, France, Poland, Denmark, Hungary, Italy and other countries in Europe, as well as the United States, Korea, China, Japan, and Latin American countries. According to Rockwell Automation, these products are deployed across several sectors including agriculture and food, water, chemical, manufacturing and others. The affected products, MicroLogix, SLC500, and PLC5 are programmable logic controllers (PLC). Rockwell Automation provides industrial automation control and information products worldwide, across a wide range of industries. NCCIC/ICS‑CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Impact to individual organizations depends on many factors that are unique to each organization. Recovery from this fault state requires the controller’s operating mode selector to be switched via direct physical interaction. This vulnerability affects the availability of the device and connected devices.Ī successful attack will cause the controller to cease its logic execution and enter a fault state. Rockwell Automation reports that the vulnerabilities affect the following versions of Allen‑Bradley devices: Rockwell has released new firmware for the MicroLogix product line that resolves this vulnerability. That includes mitigation strategies for this vulnerability. Independent researcher Matthew Luallen of CYBATI has identified a fault generation vulnerability that can cause a denial of service (DoS) in the Rockwell Automation Allen-Bradley MicroLogix, SLC 500, and PLC-5 controller. This updated advisory is a follow-up to the updated advisory titled ICSA-12-342-01A Rockwell Allen-Bradley MicroLogix, SLC 500, and PLC-5 controller that was published December 11, 2012, on the NCCIC/ICS-CERT web site.
0 kommentar(er)
