{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix L32E and L35E controllers", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1788-ENBT FLEXLogix adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "1794-AENTR FLEX I/O EtherNet/IP adapter", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix, CompactLogix, GuardLogix, and SoftLogix", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "18", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "CompactLogix and SoftLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "19", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "ControlLogix and GuardLogix controllers", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "MicroLogix", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "1100" }, { "status": "affected", "version": "1400" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "This vulnerability was discovered by Rockwell Automation engineers as they were investigating other vulnerabilities reported at the Digital Bond S4 2012 Conference." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
\n\n\n\n\n\n\n\n\n\n\n\n\nThe Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information.\n\n
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400
According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.
To mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell’s Advisories at:
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156
For more information on security with Rockwell Automation products, please refer to Rockwell’s Security Advisory Index.
" } ], "value": "According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration.\n\nTo mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell’s Advisories at:\n\n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 \n https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 \n\nFor more information on security with Rockwell Automation products, please refer to Rockwell’s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 ." } ], "source": { "advisory": "ICSA-13-011-03", "discovery": "INTERNAL" }, "title": "Rockwell Automation ControlLogix PLC Improper Input Validation", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products.
\n\nTo mitigate the vulnerability with the Web server password authentication mechanism:
In addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices: