Work of the CR-Team during the Coronavirus (Covid-19)

The Coronavirus (COVID-19) affects us all in our daily work and requires measures to prevent it from spreading. The health of our employees, customers, business relations and partners remains our first priority. We therefore strictly follow government guidelines. Our products and services, as we carry them out on a daily basis, are decentralised from our offices as much as possible and we maximise working from home in accordance with instructions and possibilities. In this way we can continue to provide you with optimal support and we ensure that CR-Team, also in this difficult period, will provide the continuity of service to you as you have come to expect from us. The meetings with the project teams can take place by Skype or telephone and for the time being we will limit the physical meetings to what is strictly necessary.

Should you have any questions regarding the impact on your project, please do not hesitate to contact us.

/door

Critical bugs affecting ICS devices require very little skill to exploit

Nist security functionsThe US Cert has reported on multiple critical vulnerabilities in Rockwell Automation PLC’s. The affected systems are:

  • MicroLogix 1400 Controllers,
  • MicroLogix 1100 Controllers,
  • RSLogix 500 Software

The bugs could allow an attacker to gain access to sensitive project file information, including passwords. Rating 9.8 out of 10 on the CVSS v3 severity scale, the bugs include the use of hard-coded cryptographic key; use of a broken or risky algorithm for password protection; use of client-side authentication; and clear text storage of sensitive information.

Bugs and vulnerabilities are a fact of our OT life. It all comes down to how recognizing you have vulnerabilities and how you respond to it. Doing nothing is not an option and therefore:

  • Know which assets you have,
  • Know their vulnerabilities,
  • Understand your threats,
  • Have a maintenance service plan,
  • Respond and solve the vulnerabilities.

Whereas visibility is the basis of security management, in practice we see the industry is struggling to produce an up-to-date asset inventory. CR-Team can help you to obtain visibility of all assets and connections in your OT network. Please check this page about security scans or reach out to us for more information.

/door