It is currently 18-12-2017 04:09

Vulnerability in the PLC MicroLogix 1400 from Rockwell Automation allows you to control the device

Vulnerability in the PLC MicroLogix 1400 from Rockwell Automation allows you to control the device

by sigismund » 2016-08-16 12:35:05


depending on the PLC functionality of the consequences of the attack of the exploitation of the vulnerability can be catastrophic.


Researchers from Cisco Talos discovered a serious vulnerability in the programmable logic controllers (PLC) MicroLogix 1400 produced by the American company Rockwell Automation. CVE-2016-5645 affects the SNMP Protocol and allows attackers to remotely gain complete control over the system MicroLogix 400, to modify the device's firmware and to run malicious code.

PLC MicroLogix 1400 are widely used in automated control systems starting with the basic industrial equipment and heating/air conditioning and ending with SCADA. "The vulnerability exists due to an undocumented common string to SNMP, allowing an attacker to gain complete control over an affected device, change configuration settings, replace the firmware of devices with malicious code, and even in any way interfere in their work", - reported in the notification of Cisco Taos.

Depending on the functions performed by the PLC in process of production management, the consequences of the attack with the exploitation of this vulnerability can be catastrophic. Users are recommended to take some measures to prevent possible attacks with the exploitation of this vulnerability:

– To use the setting "RUN" switch of the PLC to prevent the installation of unauthorized and unwanted firmware updates;

– Use the appropriate solutions to manage network infrastructure such as firewalls that block SNMP requests from unauthorized sources;

– Disable activated in the MicroLogix 1400 by default, the SNMP service (for firmware updates it must be re-enabled). You should pay attention to the fact that the change in the total row is not an effective way of protection against possible attacks;

– Block access to the ACS via the Internet;

To isolate the ASU network from the corporate network and used to protect firewalls;

– If there is a need for remote access, you should use a virtual private network (VPN). However, be aware that they contain vulnerabilities and require regular updating.
sigismund
moderators
Сообщений: 788
Депозит: 0 BTC

Rating: 5