There is a recent vulnerability released in Rockwell Automation software where the authentication mechanism for communication to PLC’s has been compromised.
Rockwell controllers use a security key to validate that PLC’s are connecting with Rockwell Automation software. There is a vulnerability in RSLogix (v16-20) / Studio 5000 (v21+) where this key has been compromised, allowing any third-party tool to alter the controller’s configuration. A CVSS v3 base score of 10.0 has been calculated (maximum). This is a very severe vulnerability if exploited could impact production wherever vulnerable PLCs are used.
The following PLC’s are affected:
Proper network segmentation and security controls should be implemented to reduce the exposure to these devices.
Cybertrol recommends the following should be considered as part of a defense in depth strategy.
If you would like to speak to one of our cybersecurity experts, contact us and one of our Industrial IT team members will evaluate your production network and provide recommendations to achieve a secure and maintainable network infrastructure.