Loading

PN1594 | APT Cyber Tools Targeting ICS/SCADA Devices (PIPEDREAM/INCONTROLLER)

Advisory ID:
PN1594
Fecha de publicación:
May 06, 2022
Última actualización:
May 06, 2022
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
Resumen
APT Cyber Tools Targeting ICS/SCADA Devices (PIPEDREAM/INCONTROLLER)

Revision History
Revision History
Version 1.0 – May 6, 2022

Executive Summary

On April 13, 2022, researchers announced a new set of tools that was developed by an Advanced Persistent Threat (APT). This set of tools allows threat actors to attack specific ICS and OT hardware and software. Rockwell Automation is providing this advisory to notify customers of our response to this threat.

We are diligently working through our process to evaluate the threat and provide security mitigations as needed. Rockwell Automation recommends that customers apply hardening techniques, in addition to security best practices for a comprehensive defense in depth approach.

Affected Products

We are aware that the tool set contains modules that target OPC UA servers, CODESYS runtimes, and ASRock drivers. After evaluation, Rockwell Automation is aware that the products, listed below, use one of the targeted components. This list may be updated if more products are identified.

Products that use OPC UA servers:
  • FactoryTalk® Linx Gateway
    • Editions include embedded, basic, standard, extended distributed, professional
    • Versions include 6.10, 6.11, 6.20, 6.21 and 6.30

Risk Mitigation & User Action

We recommend the following compensating controls for customers using Rockwell Automation products that use the targeted hardware and software:
  • Disable anonymous authentication and configure the use of FactoryTalk Security using the following guidance. FactoryTalk Linx Gateway Getting Result Guide FTLG-GR001E
    • Chapter 4 - UA Server Endpoints - Endpoint Properties
    • Appendix D - Secure FactoryTalk Linx Gateway using FactoryTalk Security
  • Enforce a lockout threshold for failed authentication attempts and configure audit logs using the following guidance to detect signs of an attack. FactoryTalk Security System Configuration Guide Publication FTSEC-QS001R - Chapter 9
    • Set system policies - Account Policy Settings
    • Set audit policies - Monitor security-related events

General Security Guidelines

Refer to the Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.

See the Industrial Security Services website for information on security services from Rockwell Automation to assess, help protect, detect, respond, and recover from incidents. These services include assessments, designs, implementations, industrial anomaly detection, patch management, and remote infrastructure monitoring and administration.

We also recommend that concerned customers continue to monitor this advisory by subscribing to updates on the Security Advisory Index for Rockwell Automation in PN1354 – Industrial Security Advisory Index

Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions website.

If you have questions regarding this notice, please send an email to our product security inbox at: PSIRT@rockwellautomation.com

Additional Links

  • PN1354 – Industrial Security Advisory Index
  • Deploying Industrial Firewalls within a CPwE Architecture Design and Implementation Guide
  • https://www.cisa.gov/uscert/ncas/alerts/aa22-103a

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Página principal de Rockwell Automation
  2. Chevron LeftChevron Left Trust Center
  3. Chevron LeftChevron Left Industrial Security Adv
  4. Chevron LeftChevron Left Industrial Security Advisory Detail
Actualice sus preferencias de cookies para continuar.
Esta función requiere cookies para mejorar su experiencia. Actualice sus preferencias para permitir estas cookies.:
  • Cookies de Redes Sociales
  • Cookies Funcionales
  • Cookies de Performance
  • Cookies de Marketing
  • Todas las cookies
Puede actualizar sus preferencias en cualquier momento. Para más información, vea nuestro {0} Política de Privacidad
CloseClose