02 марта 2021
KLCERT-17-029: Authentication bypass in Rockwell Automation Logix controllers
Vendor
Rockwell Automation
-
CVE-IDS
-
KLCERT
KLCERT-17-029
Timeline
Timeline
-
Kaspersky ICS CERT advisory updated
02 ноября 2023
-
Kaspersky ICS CERT advisory published
02 марта 2021
-
Vendor published the advisory
25 февраля 2021
-
Vendor confirmed the vulnerability
22 сентября 2017
-
Vulnerability reported
20 сентября 2017
Description
Exploitability
Remotely
Attack complexity
User interaction
Impact
Existence of exploit
PoC
Affected products
RSLogix 5000 software v16-v20
Studio 5000 Logix Designer v21 and later
1768 CompactLogix
1769 CompactLogix
CompactLogix 5370
CompactLogix 5380
CompactLogix 5480
ControlLogix 5550
ControlLogix 5560
ControlLogix 5570
ControlLogix 5580
DriveLogix 5730
FlexLogix 1794-L34
Compact GuardLogix 5370
Compact GuardLogix 5380
Guardlogix 5560
GuardLogix 5570
GuardLogix 5580
SoftLogix 5800
Mitigation
Vendor mitigation
Vendor provided detailed information for mitigation in the security bulletin (login required).
KL mitigation
- Set up the border firewall (or a similar network traffic control solution) to allow only authorized parties to send traffic to port 44818/TCP of the system.
- Compartmentalize your network: implement network segmentation and strict access control for each segment to provide more comprehensive and efficient protection against a wide range of threats. Proper network segmentation prevents attackers from reaching critical assets in case of a network breach.
- Implement a network intrusion detection system (NIDS). A comprehensive intrusion detection system is capable of detecting unusual network connections and abnormal traffic sent to the device, providing timely information about various suspicious activities and sufficiently reducing the attacker’s chances of successful exploitation.
Kaspersky publishes information on newly identified vulnerabilities in order to raise user awareness of the IT security threats detected. Kaspersky does not make any guarantees in respect of information received from vendors of products in which vulnerabilities have been identified, which is included in the following sections of the advisory: Affected Products, Vendor Mitigation.
