PN560 | Password Security Vulnerability in MicroLogix™ Controllers

Introduction

Description

Issue date December 18, 2009. Updated September 27, 2011.

Rockwell Automation has identified a security vulnerability in the programming and configuration client software authentication mechanism employed by the MicroLogix™ family of programmable controllers. This vulnerability is known to affect the MicroLogix family of controller platforms, including catalog numbers: 1761-Lxxxxx, 1762-Lxxxxx, 1763-Lxxxxx, 1764-Lxxxxx, 1766-Lxxxxx (the "Product").

Vulnerability Details:

The potential exists for a highly skilled, unauthorized person with specific tools, know-how and access to the Product or the control system communication link, to intercept and decipher the Product’s password and potentially make unauthorized changes to the Product’s operation.

--- Update begins here ---

Vulnerability Mitigation

The password mechanism used between RSLogix 500 software and MicroLogix controllers (1761-Lxxxxx, 1762-Lxxxxx, 1763-Lxxxxx, 1764-Lxxxxx, 1766-Lxxxxx) has been enhanced to mitigate risks relating to this specific vulnerability. Concerned customers are encouraged to upgrade RSLogix 500 software to version 8.4 or greater.

--- Update ends here ---

In addition to the recommended software upgrade, Rockwell Automation recommends customers take additional steps as outlined below to further reduce associated security risk from this vulnerability. These same steps can also serve as a checklist to verify available security capabilities are in place in a system’s configuration too (Note: when possible, multiple strategies should be employed simultaneously):

1. Restrict physical and electronic access to automation products, networks and systems to only those individuals authorized to be in contact with control system equipment.

1. Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and ControlNetworks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.

1. Block all traffic to the CSP, EtherNet/IP or other CIP protocol based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Port# 2222 and Port# 44818 using appropriate security technology (e.g. a firewall, UTM devices, or other security appliance).

1. Periodically and frequently change the Product’s password and obsolete previously used passwords to reduce exposure to threat from a Product password becoming known.

Rockwell Automation remains committed to making additional security enhancements to our products and systems in the future. For more information and for assistance with assessing the state of security of your existing controls system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/solutions/security.

KCS Status