Rockwell Allen-Bradley MicroLogix, SLC 500, and PLC-5 Fault Generation Vulnerability

CVEs (1)

Remediations

• On August 2, 2013, Rockwell Automation updated their product security advisory that addresses this topic. This product security advisory, titled “511407 - MicroLogix, SLC 500 and PLC5 Controller Vulnerability,” can be found at the following location: (https://rockwellautomation.custhelp.com/app/answers/detail/a_id/511407) There are now firmware releases available for MicroLogix 1100 controller, MicroLogix 1200 controller, MicroLogix 1400 controller, and MicroLogix 1500 controller.
• Rockwell Automation recommends the following mitigation strategies to help reduce the likelihood of compromise and the associated security risk. When possible, multiple strategies should be employed simultaneously. If possible, change the controller’s settings to the nonvulnerable state: SLC-500: Set the Status file to “Static”. PLC-5: Enable the Passwords and Privileges feature. Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to (http://www.ab.com/networks/architectures.html) for comprehensive information about implementing validated architectures designed to deliver these measures.
• Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked. Block all traffic to the EtherNet/IP or other CIP protocol based devices from outside the Manufacturing Zone by restricting or blocking access to both TCP and UDP Port# 2222 and Port 44818 using appropriate security technology (e.g., a firewall, UTM devices, or other security appliance). Restrict physical and electronic access to automation products, networks and systems to only those individuals authorized to be in contact with control system equipment. For more information about this vulnerability or other problems with a Rockwell device, please contact the Rockwell Automation Support Center at (https://rockwellautomation.custhelp.com).

Affected Vendors

Affected Products (6)