Loading

PN402 | ControlLogix 1756-ENBT/A EtherNet/IP Bridge - Potential Security Vulnerability

Severity:
Medium
Advisory ID:
PN402
게시한 날짜:
February 11, 2020
최근 업데이트:
February 11, 2020
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
아니요
Corrected:
아니요
Workaround:
아니요
요약
ControlLogix 1756-ENBT/A EtherNet/IP Bridge - Potential Security Vulnerability

Introduction

ControlLogix 1756-ENBT/A EtherNet/IP Bridge - Potential Security Vulnerability

Description

Rockwell Automation has identified a potential security vulnerability in the firmware upgrade process employed by the ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module (the "Product"). Details of this potential vulnerability are as follows:

  • The potential for an unauthorized replacement of Rockwell Automation Product firmware with a corrupted firmware image that may render the Product inoperable and/or change its otherwise normal operation.

The results from an attacker’s successful exploitation of this vulnerability could include Denial of Service (DoS) to the Product and other components dependent on the Product. In an extreme case, successful exploitation could result in a potential misrepresentation of data or a repurposing of the Product for other malicious activities.

To help reduce the likelihood of exploitation and to help reduce associated security risk, Rockwell Automation recommends the following short-term mitigation strategies (Note: multiple strategies can be employed simultaneously):

  1. Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and ControlNetworks. Refer to Industrial Network Architectures for comprehensive information about implementing validated architectures designed to deliver these measures.
  2. Restrict physical and electronic access to automation products, networks and systems to only those individuals authorized to be in contact with control system equipment and perform product firmware upgrades to that equipment.
  3. Block all traffic to the EtherNet/IP or other CIP protocol based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Port# 2222 and Port# 44818 using appropriate security technology (E.g. a firewall, UTM devices, or other security appliance).

In addition to these short-term mitigation strategies, Rockwell Automation continues our investigation and evaluation of other long-term mitigation strategies that include, but are not limited to:

  1. Product and system-level techniques and functional enhancements to verify the authenticity of firmware updates and help reduce the likelihood of file tampering.
  2. Enhancements to the joint Rockwell Automation / Cisco Plantwide Reference Architecture that detail methods and recommendations which can further strengthen control system security.

For your information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site at https://www.rockwellautomation.com/global/capabilities/industrial-security/overview.page.

KCS Status

Released

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation 홈
  2. Chevron LeftChevron Left Trust Center
  3. Chevron LeftChevron Left Industrial Security Adv
  4. Chevron LeftChevron Left Industrial Security Advisory Detail
계속 진행하기 위해 쿠키 설정을 업데이트하십시오..
この機能には、お客様の利便性を向上させるためにクッキーが必要です。これらのクッキーを許可するように設定を更新してください:
  • 소셜 미디어 쿠키
  • 기능 쿠키
  • 성능 쿠키
  • 마케팅 쿠키
  • 모든 쿠키
귀하는 쿠키 설정을 언제든지 변경할 수 있습니다. 자세한 내용은 이곳에서 확인하십시오. {0} 개인 정보 보호 정책
CloseClose