Rockwell Automation offers mitigation strategies for Logix controller vulnerabilities

March 2, 2021
CISA advisory warns of possibility of unauthenticated attacks

The Cybersecurity & Infrastructure Security Agency (CISA) issued ICS Advisory 21-056-03 on February 25, regarding Rockwell Automation Logix controllers and software. Rockwell Automation says it has taken proactive steps in conjunction with CISA to mitigate any risks.

The risk evaluation states that successful exploitation of insufficiently protected credentials could allow a remote unauthenticated attacker to bypass the verification mechanism and connect with Logix controllers. Additionally, this vulnerability could enable an unauthorized third-party tool to alter the controller’s configuration and/or application code.

"Rockwell Automation has worked closely with and in coordination with CISA and the researchers as part of our standard coordinated vulnerability disclosure process," says Marci Pelzer, director, global external communications, at Rockwell Automation.

Rockwell Automation has determined that this vulnerability cannot be mitigated with a patch, and it encourages customers to implement the mitigation strategies outlined in its February 25 disclosure:

  • Deploy contemporary TLS- and DTLS-based secure communications features to supported products. This feature, known as CIP Security, is an enhancement to the ODVA EtherNet/IP industrial communication standard and directly addresses the vulnerability noted in the disclosure. CIP Security allows users to leverage and manage certificates and/or pre-shared keys.
  • Leverage the key switch available on Rockwell Automation controllers by placing controllers in Run Mode to prevent unauthorized user program or configuration changes.
  • Customers should confirm they are employing proper network segmentation and security controls. Specifically, network exposure for all control system devices should be minimized and control systems should be behind firewalls and isolated from other networks when possible.

"The most up-to-date information can always be found in our Rockwell Automation Industrial Security Advisory index," explains Pelzer. "We will always coordinate and work with CISA to provide the latest information when possible." A link to the CISA ICS advisory can be found here.

About the Author

Mike Bacidore | Editor in Chief

Mike Bacidore is chief editor of Control Design and has been an integral part of the Endeavor Business Media editorial team since 2007. Previously, he was editorial director at Hughes Communications and a portfolio manager of the human resources and labor law areas at Wolters Kluwer. Bacidore holds a BA from the University of Illinois and an MBA from Lake Forest Graduate School of Management. He is an award-winning columnist, earning multiple regional and national awards from the American Society of Business Publication Editors.
