Rockwell Clears MicroLogix Controller Hole

Tuesday, January 9, 2018 @ 03:01 PM gHale

Rockwell Automation released upgraded software to mitigate a buffer overflow vulnerability in its Allen-Bradley MicroLogix 1400 Controllers, according to a report with ICS-CERT.

Successful exploitation of this vulnerability, discovered by Thiago Alves of the University of Alabama, could cause the device the attacker is accessing to become unresponsive to Modbus TCP communications and affect the availability of the device.

GM, Shanghai OnStar Fix iOS Client
Advantech Clears WebAccess Holes
Delta Electronics Fixes GUI
Moxa Clears NPort Issue

The following versions of MicroLogix 1400 Controllers, a PLC, suffer from the remotely exploitable vulnerability:
• MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier

Rockwell also said the following catalogs ended affected from the issue:
• 1766-L32AWA
• 1766-L32AWAA
• 1766-L32BWA
• 1766-L32BWAA
• 1766-L32BXB
• 1766-L32BXBA
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

CVE-2017-16740 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.

The product sees use mainly in the critical manufacturing, food and agriculture, and water and wastewater systems sectors. It also sees action on a global basis.

Rockwell Automation encourages affected users to upgrade to the latest version of available firmware, FRN 21.003.

Rockwell Automation also suggests Modbus TCP can be disabled if it is not necessary in the implementation of the device to mitigate the vulnerability.

For more information, Rockwell Automation released a security bulletin a user can access using valid credentials.

Leave a Reply

You must be logged in to post a comment.