PN907 | SCADAPass Default Passwords

Advisory ID: PN907
Published Date: February 11, 2020
Last Updated: February 11, 2020
Revision Number: 1.0
Known Exploited Vulnerability (KEV): No
Corrected: No
Workaround: No

Summary
SCADAPass Default Passwords

Introduction

SCADAPass Default Passwords

Description

Version 1.0 – January 11th 2016

In January 2016, SCADA Strange Love, an independent group of information security researchers, included several Rockwell Automation products in a project they published called SCADAPass.

SCADAPass contains a list of default passwords in popular industrial control systems ("ICS") and supervisory control and data acquisition ("SCADA") products, including programmable logic controllers ("PLCs") and human-machine interfaces ("HMIs"). Default credentials may be used by an attacker to gain privileged access to remotely accessible assets if a user does not take explicit action to change the default user credentials.

As part of this process, Rockwell Automation evaluated the products included in SCADAPass and determined that all of the products' default passwords can be changed by the user. Directions on how to change these passwords are found in the respective product manuals, which are listed in the table below.

INCLUDED PRODUCTS

  • 1756-EN2TSC
  • 1756-EWEB
  • 1734-AENT
  • MicroLogix 1400
  • MicroLogix 1100
  • PanelView Plus 6

RISK MITIGATIONS

  1. Rockwell Automation strongly recommends that asset owners evaluate the passwords used in their production assets and apply those of the following suggested mitigations that are applicable:

    Product            Product Manual
    1756-EN2TSC        http://literature.rockwellautomation.com/idc/groups/literature/documents/um/enet-um003_-en-p.pdf
    1756-EWEB          http://literature.rockwellautomation.com/idc/groups/literature/documents/um/enet-um527_-en-p.pdf
    1734-AENT          http://literature.rockwellautomation.com/idc/groups/literature/documents/um/1734-um011_-en-p.pdf
    MicroLogix 1100    http://literature.rockwellautomation.com/idc/groups/literature/documents/um/1763-um002_-en-p.pdf
    MicroLogix 1400    http://literature.rockwellautomation.com/idc/groups/literature/documents/um/1766-um002_-en-p.pdf
    PanelView Plus 6   http://www.manualsdir.com/manuals/580848/rockwell-automation-2711p-xxxx-panelview-plus-6-terminals-user-manual.html?page=54

  2. Establish and enforce password policies for maximum age of passwords, minimum password length, minimum password complexity, and password re-use.
  3. Use trusted software, software patches, anti-virus / anti-malware programs and interact only with trusted web sites and attachments.
  4. Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.
  5. Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  6. Locate control system networks and devices behind firewalls, and isolate them from the business network.
  7. When remote access is required, use secure methods, such as Virtual Private Networks ("VPNs"), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.
  8. Subscribe to our Security Advisory Index, Knowledgebase article KB:54102 (https://www.rockwellautomation.com/en-us/company/about-us/sustainability/trust-security/security-advisories.html), so you have access to our most up-to-date information about security matters that affect Rockwell Automation products.
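
One way an asset owner could act on mitigations 1, 2 and 5 is to audit an asset inventory for the products listed above. The following is an added example, not part of the advisory and not Rockwell Automation code; the CSV column names, the sample rows and the 180-day maximum password age are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Catalog names taken from the advisory's INCLUDED PRODUCTS list.
AFFECTED = {"1756-EN2TSC", "1756-EWEB", "1734-AENT",
            "MicroLogix 1400", "MicroLogix 1100", "PanelView Plus 6"}
MAX_AGE_DAYS = 180  # assumed site policy value, not from the advisory

# Constructed sample inventory; the column names are assumptions.
SAMPLE_INVENTORY = """\
asset,model,password_last_changed,internet_reachable
PLC-01,MicroLogix 1400,,no
PLC-02,MicroLogix 1100,2015-03-02,no
ENET-07,1756-EWEB,2015-12-20,yes
HMI-03,PanelView Plus 6,2015-11-30,no
DRV-11,Example-Drive,,no
"""

def audit(inventory_csv, today, max_age_days=MAX_AGE_DAYS):
    """Return {asset: [findings]} for advisory-listed products only."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip() not in AFFECTED:
            continue  # outside the advisory's product list
        issues = []
        changed = row["password_last_changed"].strip()
        if not changed:
            # No recorded change: treat as still on the factory default.
            issues.append("password never changed (assume default)")
        else:
            age = (today - date.fromisoformat(changed)).days
            if age > max_age_days:
                issues.append(f"password age {age}d exceeds {max_age_days}d")
        if row["internet_reachable"].strip().lower() == "yes":
            issues.append("reachable from the Internet")
        if issues:
            findings[row["asset"]] = issues
    return findings

if __name__ == "__main__":
    for asset, issues in audit(SAMPLE_INVENTORY, date(2016, 1, 11)).items():
        print(asset, "->", "; ".join(issues))
```

An empty `password_last_changed` field is reported as a presumed default credential, which is the condition the advisory asks asset owners to eliminate.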

LINKS

  • Security Advisory Index, Knowledgebase article KB:54102

KCS Status

Released
