November 8th, 2018, 10:30 AM   #1
KuulKuum
United States
Join Date: Jun 2006
Location: Texas
Posts: 192
Rockwell's latest vulnerability EtherNet/IP communication DoS

FYI, I received an email a few days ago about an RA vulnerability with communication modules (denial-of-service) as well as an ML1400 vulnerability.
Most of the communication modules listed have "No direct mitigation provided".


The question I have is: WHY it has taken Rockwell so long to even report this type of vulnerability?
The real kicker here is that the way to mitigate these vulnerabilities with their communication modules is to contact a local rep or sales in order to upgrade to a newer product..$$$$

btw: the current client site that I'm working at has 100s of these comm modules.
November 8th, 2018, 10:48 AM   #2
Ken Roach
Lifetime Supporting Member + Moderator
United States
Join Date: Apr 2002
Location: Seattle, WA
Posts: 14,615
I get it that it's frustrating when firmware writers don't account for all possible attacks and patch only the newest product first.

The most likely way this would be exploited would result in loss of IP connectivity and a physical hunt for affected devices. Yes, I can already imagine more malicious ways to use it if a person had knowledge of the control system.

I'm confident that Rockwell will fix the older 1756-ENBT and 1756-EN2T firmware on pre-Series C modules.

I'm not saying this isn't important or worth taking seriously, only that it's probably not catastrophic as of today.
November 8th, 2018, 11:16 AM   #3
harryting
Lifetime Supporting Member
United States
Join Date: May 2002
Location: Puget Sound
Posts: 1,984
I'm not understanding. How is this any different than any other manufacturer? Not to downplay this specific issue, but just like the hundreds of such vulnerability notifications I get on a monthly basis, if someone gets inside your network, changing the IP address on the controller seems the least of my worries.

Another thing, most vendors do not proactively notify users of vulnerabilities. If you want to be notified as such, subscribe to ICS-CERT's free notification service.
November 8th, 2018, 12:20 PM   #4
lfe
Join Date: Jun 2007
Location: Barcelona
Posts: 395
Ethernet/IP is not a secure protocol, it does not support encryption, authentication etc.

As harryting says, it is much more serious to expose the local network to external intrusions than this related vulnerability.
Suppanel HMI
November 8th, 2018, 04:24 PM   #5
VAN
United States
Join Date: Apr 2012
Location: Wa
Posts: 248
If someone has access to your network, simply putting another device on the network with the same IP will take down comms (or if you're really clever take a block of IPs down).

I wouldn't say I've got a huge issue with this, someone/thing having access to your process network seems like the bigger issue.
November 8th, 2018, 04:44 PM   #6
brendan.buchan
Join Date: May 2010
Location: Melbourne
Posts: 450
Originally Posted by lfe:
Ethernet/IP is not a secure protocol, it does not support encryption, authentication etc.
Slightly off topic, but CIP Security over Ethernet/IP has already been developed and is not far away from being released and supported by Rockwell on the new processors and Ethernet cards.
November 8th, 2018, 04:54 PM   #7
James Mcquade
United States
Join Date: Oct 2007
Location: Tennessee
Posts: 2,453
That's the very reason you need to keep the plant PLC side away from the corporate side, which has internet!

We have separate networks and SQL passing data from one side to the other.
There are only a few of us with the authority to remote into the PLC side from offsite and make changes, and we keep track of when they log in / out.

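Added example (not part of the original thread or any poster's code): one way to audit the plant/corporate separation the posts above recommend, by scanning flow records for EtherNet/IP traffic (TCP/UDP 44818, UDP 2222) that enters the plant subnet from outside it. The subnet, the approved remote-access host and the flow-record format are assumptions made for illustration, and the sample records are constructed.

```python
import ipaddress

# Assumed addressing for illustration; substitute the site's real plan.
PLANT_NET = ipaddress.ip_network("10.20.0.0/16")
# Hosts outside the plant subnet approved to reach it (hypothetical jump host).
APPROVED_SOURCES = {ipaddress.ip_address("192.168.50.10")}
# EtherNet/IP registered ports: explicit messaging and implicit I/O.
ENIP_PORTS = {("tcp", 44818), ("udp", 44818), ("udp", 2222)}

# Constructed flow records: "timestamp proto src dst dport"
SAMPLE_FLOWS = """\
2018-11-08T10:30:01 tcp 10.20.1.15 10.20.3.7 44818
2018-11-08T10:30:02 udp 10.20.1.15 10.20.3.7 2222
2018-11-08T10:31:10 tcp 192.168.50.10 10.20.3.7 44818
2018-11-08T10:32:44 tcp 192.168.77.23 10.20.3.7 44818
2018-11-08T10:33:05 tcp 192.168.77.23 10.20.9.1 1433
not a flow record
2018-11-08T10:35:19 udp 172.16.4.9 10.20.3.8 2222
"""

def parse_flow(line):
    """Return (ts, proto, src, dst, dport) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, proto, src, dst, dport = parts
    try:
        return (ts, proto.lower(), ipaddress.ip_address(src),
                ipaddress.ip_address(dst), int(dport))
    except ValueError:
        return None

def find_violations(text):
    """Flows that carry EtherNet/IP into the plant subnet from outside it."""
    hits = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        ts, proto, src, dst, dport = flow
        crosses = dst in PLANT_NET and src not in PLANT_NET
        if crosses and (proto, dport) in ENIP_PORTS and src not in APPROVED_SOURCES:
            hits.append((ts, str(src), str(dst), proto, dport))
    return hits

if __name__ == "__main__":
    for hit in find_violations(SAMPLE_FLOWS):
        print("EtherNet/IP across boundary:", *hit)
```

The SQL flow on port 1433 and the approved host are deliberately not flagged; only direct EtherNet/IP sessions from unapproved outside addresses are reported.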