Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Rockwell Automation Patches Serious Flaw in MicroLogix 1400 PLC

A firmware update released a few weeks ago by Rockwell Automation for its MicroLogix 1400 programmable logic controllers (PLCs) patches a potentially serious vulnerability.

The MicroLogix PLC family is used worldwide by organizations in the critical infrastructure, food and agriculture, and water and wastewater sectors for controlling processes.

A firmware update released a few weeks ago by Rockwell Automation for its MicroLogix 1400 programmable logic controllers (PLCs) patches a potentially serious vulnerability.

The MicroLogix PLC family is used worldwide by organizations in the critical infrastructure, food and agriculture, and water and wastewater sectors for controlling processes.

Thiago Alves from the University of Alabama in Huntsville (UAH) discovered that these controllers are affected by a buffer overflow vulnerability. In 2016, Alves and two other UAH researchers published a paper on using virtual testbeds for industrial control systems (ICS).Rockwell Automation MicroLogix 1400 PLC

According to Rockwell Automation, the expert discovered that several MicroLogix 1400 PLCs running version 21.002 and earlier of the firmware are affected by a buffer overflow vulnerability that can be triggered by sending specially crafted Modbus TCP packets to affected devices. The flaw can be exploited remotely by an unauthenticated attacker.

“The Modbus buffer is not deallocated when a packet exceeds a specific length. Repeated sending of Modbus TCP data can cause a denial of service to the Modbus functionality, and potentially cause the controller to fault,” the vendor explained.

Related: Learn More at SecurityWeek’s 2018 Singapore ICS Cyber Security Conference

The security hole is tracked as CVE-2017-16740 and it has been classified by both Rockwell and ICS-CERT as high severity with a CVSS score of 8.6. While Rockwell’s advisory only mentions DoS attacks, ICS-CERT’s advisory says it may also be possible to exploit the flaw for remote code execution.

Rockwell Automation patched the vulnerability last month with the release of firmware version 21.003 for series B and series C hardware. As a workaround, users can disable Modbus TCP support if it’s not needed, which prevents remote access to the device.

Last month, after discovering a serious DoS vulnerability in several product lines from Siemens, experts at industrial cybersecurity firm CyberX pointed out that these types of flaws should not be taken lightly.

“The December 2016 attack on the Ukrainian electrical grid used this type of exploit to disable protection relays and make it more difficult for operators to recover,” the company told SecurityWeek at the time.

Related: Several Vulnerabilities Found in Rockwell Automation PLCs

Related: Rockwell Updates Stratix Routers to Patch Cisco IOS Flaws

Related: Rockwell Automation Patches Serious Flaw in FactoryTalk Product

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.