Rockwell Security Vulnerability Impacting CompactLogix

Home PLCGurus.NET Live & Interactive Forum Announcements Rockwell Security Vulnerability Impacting CompactLogix

https://www.linkev.com/?a_fid=ics-eng
Viewing 1 post (of 1 total)
  • Author
    Posts
  • #2821
    Fred GrahamFred Graham
    Keymaster
    • Topics: 15
    • Replies: 158
    • Total Posts: 173

    Hi everybody,

    In an advisory published last week, Rockwell Automation informed customers that the flaw impacts Allen-Bradley CompactLogix 5370 and Compact GuardLogix 5370 programmable automation controllers, which are used to control processes in the critical infrastructure, water systems, entertainment, automotive, food and beverage, and other sectors.

    The vulnerability is tracked by Rockwell as CVE-2017-9312 and it has been classified as “high severity” with a CVSS score of 8.6. CompactLogix 5370 L1, L2 and L3, and Armor CompactLogix 5370 L3 small controllers, and Compact GuardLogix 5370 and Armor Compact GuardLogix 5370 L3 safety controllers running firmware version 30.012 and prior are affected. The security hole has been patched with the release of version 31.011.

    A remote attacker can exploit the vulnerability to cause affected devices to enter Major Non-Recoverable Fault (MNRF) mode, which results in a DoS condition that requires the user to re-download the application program in order to restore the system.

    To view the full article in detail visit PLCGurus.NET’s Flipboard Magazine today and be sure to follow us!

    Fred

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.