Site icon IT World Canada

Max level vulnerability found in Logix PLCs

Virus on pc illustration

Source: Intpro | Getty Images

A new vulnerability discovered in various Rockwell Automation programmable logic controllers (PLC) has received a 10 out of 10 risk score, the highest possible on the CVSS vulnerability scale.

The new vulnerability is being tracked as CVE-2021-22681. Attackers can abuse this flaw in the Logix Designer 5000 software to gain the secret cryptographic key, which is used to establish a secure connection between the PLC and the engineering station. The keys are baked into the hardware so they cannot be changed by the operator.

Once obtained, the key can be used to bypass verification systems, giving the attacker unrestricted access to the engineering systems. The attacker can then remotely install malware onto the afflicted devices to sabotage the manufacturing process.

Related:

VMware’s code-execution flaw has a severity rating of 9.8 out of 10

 

The Industrial Control System Cyber Emergency Response Team wrote in an advisory that this vulnerability requires low skill to execute.

Although the flaw was publicly disclosed on Feb. 25, Rockwell Automation had known about the flaw since it was first discovered by cybersecurity firm Claroty in 2019.

No patch is currently available. In the meantime, Rockwell Automation recommends setting the controllers to “run” mode and segment the devices’ networks. It also urges operators to keep their security suites up to date.

To track if an attack has occurred, Rockwell Automation suggests monitoring the controller’s changelog and Logix Designer’s Change Detection feature.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also has a page set up for control systems security recommended practices.

Affected PLCs include:

Exit mobile version