Cisco security crew uncovers bug in industrial control kit
Firmware-manipulating string luckily not documented
Cisco has uncovered a potentially serious bug in widely used industrial control system kit.
The vulnerability in Allen-Bradley Rockwell Automation MicroLogix 1400 Programmable Logic Controllers (PLCs) arose from the presence of an undocumented Simple Network Management Protocol (SNMP) community string. The flaw might be leveraged by an attacker to gain full control of affected devices, security researchers at Cisco Talos warn.
Attackers can also manipulate configuration settings, replace the firmware running on the device with attacker-controlled code, or otherwise disrupt device operations. Cisco Talos adds that "most operators are not likely to even be aware of [the flaw's] existence" as the "SNMP string is not documented by the vendor". ®
Updated at 08:40 on Friday 19 August to add: Rockwell Automation has been in touch to comment: "Rockwell Automation disclosed an undocumented and hardcoded credential vulnerability and recommended mitigations regarding the MicroLogix 1400 on August 11, 2016.
"This vulnerability, identified by Cisco Talos, Cisco’s internal threat intelligence organization, may allow for unauthorized changes to the product’s configuration. The MicroLogix 1400 utilizes simple network management protocol (“SNMP”) and potentially allows authenticated users to manage the firmware updates to the product.
"The company took rapid steps to respond to this vulnerability and has offered specific and actionable product mitigations to reduce the risk of this capability being used by an unauthorized and malicious user. Rockwell Automation customers are strongly encouraged to evaluate and deploy the risk mitigation strategies included in our disclosure, including disabling of the product’s SNMP capabilities."