Rockwell Vulnerability

[JonMusk]

Here we are on the fools day. Many smart readers here should be aware of these newly discover vulnerabilities:

https://www.darkreading.com/vulnera...mation-plcs-could-enable-stuxnet-like-attacks

 

[Nova5]

Yea not visiting a link of a 1 count poster who joined the day before..

 

[Robobob]

The article refers to a claroty.com blog describing a newly discovered vulnerability Here is a link to the claroty.com blog. It is worth the read.
https://claroty.com/2022/03/31/blog-research-hiding-code-on-rockwell-automation-plcs/

It refers to Tech Notes
ID: PN1585 | Access Levels: Everyone
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134276
and
ID: PN1586 | Access Levels: Everyone
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1134329

 

[L33er]

Yea not visiting a link of a 1 count poster who joined the day before..

His link is valid, don't be a smart aleck.

These two vulnerabilities have the potential to be Stuxnet-like attacks, so they are serious and have a big implication, one is rated at 10.
They affected the bread and butter product lines of Rockwell including the control/CompactLogix, as well as the GuardLogix.

From what I can gather, the remote exploit is based on the fact that bytecode/compiled code and user source code are stored in different locations and there is no live check mechanism to detect the difference.

The chart that Rockwell showed most ladder diagram logic are not affected, but then when I looked at the AOI column, they are all affected, nowadays, most programs have many AOIs.

Rockwell suggests recompiling and downloading, perhaps daily? How practical is that? I imagine during the night, an attacker can change the speed of the press and ram the **** out of it. What good is downloading & recompiling it in the morning?