The US Cert has reported on multiple critical vulnerabilities in Rockwell Automation PLC’s. The affected systems are:
- MicroLogix 1400 Controllers,
- MicroLogix 1100 Controllers,
- RSLogix 500 Software
The bugs could allow an attacker to gain access to sensitive project file information, including passwords. Rating 9.8 out of 10 on the CVSS v3 severity scale, the bugs include the use of hard-coded cryptographic key; use of a broken or risky algorithm for password protection; use of client-side authentication; and clear text storage of sensitive information.
Bugs and vulnerabilities are a fact of our OT life. It all comes down to how recognizing you have vulnerabilities and how you respond to it. Doing nothing is not an option and therefore:
- Know which assets you have,
- Know their vulnerabilities,
- Understand your threats,
- Have a maintenance service plan,
- Respond and solve the vulnerabilities.
Whereas visibility is the basis of security management, in practice we see the industry is struggling to produce an up-to-date asset inventory. CR-Team can help you to obtain visibility of all assets and connections in your OT network. Please check this page about security scans or reach out to us for more information.