02 March 2021
KLCERT-17-029: Authentication bypass in Rockwell Automation Logix controllers
Vendor
Rockwell Automation
-
CVE-IDS
-
KLCERT
KLCERT-17-029
Timeline
Timeline
-
Kaspersky ICS CERT advisory published
02 March 2021
-
Vendor published the advisory
25 February 2021
-
Vendor confirmed the vulnerability
22 September 2017
-
Vulnerability reported
20 September 2017
Description
CVSS v3
Exploitability
Remotely
Attack complexity
User interaction
Impact
Existence of exploit
Unknown
Affected products
RSLogix 5000 software v16 and later
Studio 5000 Logix Designer v21 and later
1768 CompactLogix
1769 CompactLogix
CompactLogix 5370
CompactLogix 5380
CompactLogix 5480
ControlLogix 5550
ControlLogix 5560
ControlLogix 5570
ControlLogix 5580
DriveLogix 5730
FlexLogix 1794-L34
Compact GuardLogix 5370
Compact GuardLogix 5380
Guardlogix 5560
GuardLogix 5570
GuardLogix 5580
SoftLogix 5800
Mitigation
Vendor mitigation
Vendor provided detailed information for mitigation in the security bulletin (login required).
KL mitigation
- Border firewall (or a similar network traffic control solution) should be configured to allow traffic to TCP port 44818 from authorized parties only.
- Compartmentalize your network: implement network segmentation and strict access control for each segment to provide more comprehensive and efficient protection against a wide range of threats. Proper network segmentation prevents attackers from reaching critical assets in case of a network breach.
- Implement a network intrusion detection (NIDS) solution. A comprehensive IDS solution is capable of detecting unusual network connections and abnormal traffic, providing timely information about various suspicious activities and sufficiently reducing attacker’s chances of successful exploitation.
Kaspersky publishes information on newly identified vulnerabilities in order to raise user awareness of the IT security threats detected. Kaspersky does not make any guarantees in respect of information received from vendors of products in which vulnerabilities have been identified, which is included in the following sections of the advisory: Affected Products, Vendor Mitigation.
Timeline
-
Kaspersky ICS CERT advisory published
02 March 2021
-
Vendor published the advisory
25 February 2021
-
Vendor confirmed the vulnerability
22 September 2017
-
Vulnerability reported
20 September 2017