More on the MIcroLogix vulnerability-- Rockwell's statement

Jan. 21, 2010

I recently posted a vulnerability in several models of the Rockwell Automation MicroLogix product line, and noted that, per the security researcher, Eyal Udassin of C4, Rockwell had been completely cooperative with the security researcher in working out a solution to the problem.

I recently posted a vulnerability in several models of the Rockwell Automation MicroLogix product line, and noted that, per the security researcher, Eyal Udassin of C4, Rockwell had been completely cooperative with the security researcher in working out a solution to the problem.

This morning, Rockwell asked me to post a statement about the issue, and I am pleased to do so. As I told the RA folks, I will be happy to keep the end users who use RA MicroLogix completely in the loop, and I'm looking forward to the day I can post that the vulnerability has been completely solved.

 It needs to be pointed out, again, that this is a vulnerability that can only be exploited by a well trained and knowledgeable attacker, not one that is a very high-risk issue.

Here's Rockwell's official statement:

Rockwell Automation - MicroLogix Security Improvement

Rockwell Automation takes network security very seriously, and works to ensure customers use proper security measures. The company recently identified a low-potential security concern to its MicroLogix™ family of programmable controllers. A highly skilled, unauthorized person, using specific tools to intercept the controller password, could potentially gain access and interrupt the controller’s intended operation. For customers who are concerned about unauthorized access, Rockwell Automation recommends using layered security and defensive system design as a best practice.

These customers should also limit physical and electronic access to automation products, networks and systems to only authorized people, regularly change the password, and make previously used passwords obsolete.

Rockwell Automation is working closely with industry groups and appropriate agencies to reduce potential security risks in industrial control systems. Rockwell Automation is confident these solutions will enable our customers to successfully manage this security concern. To assess a control system’s overall security posture, consider engaging a Rockwell Automation security consultant.

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...