Rockwell's latest vulnerability EtherNet/IP communication DoS

KuulKuum

Lifetime Supporting Member
Join Date
Jun 2006
Location
Texas
Posts
456
FYI, I received an email a few days ago about RA vulnerability with communication modules denial-of-service as well as ML1400 vulnerability.
Most of the communication modules listed have "No direct mitigation provided"

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1081928

The question I have is: WHY it has taken Rockwell so long to even report this type of vulnerability?
The real kicker here is to mitigate these vulnerabilities with their communication modules is to contact a local rep. or sales in order to upgrade to a newer product..$$$$ :mad:

btw: the current client site that I'm working at has 100s of these comm modules.
 
I get it that it's frustrating when firmware writers don't account for all possible attacks and patch only the newest product first.

The most likely way this would be exploited would result in loss of IP connectivity and a physical hunt for affected devices. Yes, I can already imagine more malicious ways to use it if a person had knowledge of the control system.

I'm confident that Rockwell will fix the older 1756-ENBT and 1756-EN2T firmware on pre-Series C modules.

I'm not saying this isn't important or worth taking seriously, only that it's probably not catastrophic as of today.
 
I'm not understanding. How is any different than any other manufacturer? Not to down play this specific issue, but just like hundreds of such vulnerabilities notification I get on a monthly basis, if someone get inside your network. Changing the IP address on the controller seems the least of my worries.

Another thing, most vendor does not pro-actively notify users on vulnerability. If you want to be notify as such, subscribe to ICS-CERT's free notification service.
 
Ethernet/IP is not a secure protocol, it does not support encryption, authentication etc.

As harryting says, it is much more serious to expose the local network to external intrusions than this related vulnerability
 
If someone has access to your network, simply putting another device on the network with the same IP will take down comms (or if you're really clever take a block of IPs down).

I wouldn't say I've got a huge issue with this, someone/thing having access to your process network seems like the bigger issue.
 
That's the very reason you need to keep the plant plc side away from the corporate side which has internet !

we have separate networks and sql passing data from one side to the other.
there are only a few of us with the authority to remote into the plc side from offsite and make changes and we keep track of when they log in / out.

james
 

Similar Topics

Hi all, Where can I find the latest hardware series information on Rockwell's Literature library? Specifically a 1756-85E. I want to know the...
Replies
6
Views
1,939
well after years of using a lot or AB / Rockwell software i have finally got a job to use Connected Components workbench. i have down loaded and...
Replies
7
Views
3,168
Hello everyone! I work in a big plant with a lot of controllers/HMI/equipment that I don't have a catalog of. I want to be future ready for when...
Replies
13
Views
3,691
Hi!! I'm looking for Temperature rise calculation software from Rockwell, I just download "Product selection toolbox 2022" but this software is...
Replies
0
Views
71
Hi all. I'm building my first Grafcet using Logix, but I started from another project. From what we usually do with other PLC's, I was expecting...
Replies
1
Views
53
Back
Top Bottom