Cisco security crew uncovers bug in industrial control kit

Cisco has uncovered a potentially serious bug in widely used industrial control system kit. The vulnerability in Allen-Bradley Rockwell Automation MicroLogix1400 Programmable Logic Controllers (PLCs) arose from the presence of an undocumented Simple Network Management Protocol (SNMP) community string. The flaw might be …

  1. Destroy All Monsters Silver badge

    Warp Factor Stupid!

    How is this a "bug"?

    In addition to the default, documented SNMP community string of ‘public’ (read) and ‘private’ (read/write), an undocumented community string of ‘wheel’ (read/write) also exists, which enables attackers to make unauthorized device changes, such as modification of settings or conducting malicious firmware updates. It is possible that this community string allows access to other OIDs, however Talos tested specific use cases.

    NOTABUG!

    1. Alan Brown Silver badge

      Re: Warp Factor Stupid!

      " an undocumented community string of ‘wheel’ (read/write) also exists,"

      That's a blast from the past. Wheel was the superuser group on *nix systems up to the 90s.

      It still is in some implementations.

  2. ckm5

    Firewalls

    Anyone who doesn't have PLCs and other controllers firewalled deserves to get hacked. Just look at the Tritium/Jace mess.

  3. Gotno iShit Wantno iShit

    Slow news day?

    There's dozens of CVEs on industrial kit on ICS-CERT, are we going to start getting reprints of them all?

    It's also hardly a surprise there's undocumented features/bugs around SNMP. A bigger horror story of a clusterfucked hellspawn of a ministry committee designed SNAFU I have yet to encounter.

    1. Alan Brown Silver badge

      Re: Slow news day?

      "It's also hardly a surprise there's undocumented features/bugs around SNMP"

      It doesn't help when companies ignore existing OID definitions and reinvent the wheel with their own private MIBs which are often "almost but not quite completely unlike" the official ones.

      I've been banging my head against several vendors on this very issue.

  4. Egghead & Boffin

    ICS CERT published this 5 days ago. Good to see you've got your fingers so firmly on the Pulse </irony>

    To DAM (above) - if this allows commands to be sent outside those defined in the authorised command set for a shift operator or supervisor then it's most definitely a vulnerability.

  5. Anonymous Coward
    Facepalm

    To view a demo of the vulnerability

    "To view a demo of how the vulnerability is exploited, please leave your details below."

    What was this Industrial Control System even doing directly connected to the Internet?

    1. returnofthemus

      What was this Industrial Control System even doing directly connected to the Internet?

      Because when you bet your future on a three letter acronym like 'IoT', you've got to kick-start it somehow.

      Right, I'm off to my local Tesla showroom, bye-bye 'Cruise Control', hello Autopilot!
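The community string quoted in the first comment travels in clear text in every SNMPv1/v2c datagram, so a monitoring point in front of the PLC can see which strings are actually in use. The following Python is an added example, not code from the article, Talos or any commenter: it parses the BER header of each datagram and reports community strings outside an allowlist. The allowlist contents, the function names and the sample datagrams are assumptions constructed for illustration.

```python
# Added example: report SNMPv1/v2c datagrams whose community is not allowlisted.
ALLOWED = {b"public", b"private"}  # assumption: the documented strings from the page
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest"}

def _tlv(buf, pos):
    """Read one BER TLV at pos and return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, pos, pos + length

def parse_header(datagram):
    """Return (version, community, pdu_tag) for an SNMPv1/v2c message."""
    tag, start, end = _tlv(datagram, 0)
    vtag, vs, ve = _tlv(datagram, start)   # INTEGER version
    ctag, cs, ce = _tlv(datagram, ve)      # OCTET STRING community
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04) or ce >= end:
        raise ValueError("not an SNMP v1/v2c message")
    version = int.from_bytes(datagram[vs:ve], "big")
    if version not in (0, 1):  # 0 = SNMPv1, 1 = SNMPv2c
        raise ValueError("not community-based SNMP")
    return version, datagram[cs:ce], datagram[ce]

def audit(datagrams, allowed=ALLOWED):
    """Return (index, community, pdu_name) for each non-allowlisted community."""
    findings = []
    for index, datagram in enumerate(datagrams):
        try:
            _, community, pdu = parse_header(datagram)
        except ValueError:
            continue  # malformed or not community-based SNMP
        if community not in allowed:
            findings.append((index, community.decode("latin-1"), PDU_NAMES.get(pdu, hex(pdu))))
    return findings

def _sample(community, pdu_tag):
    # Constructed test datagram: SNMPv1 header followed by an empty PDU body.
    body = b"\x02\x01\x00" + bytes([0x04, len(community)]) + community + bytes([pdu_tag, 0])
    return bytes([0x30, len(body)]) + body

SAMPLES = [_sample(b"public", 0xA0), _sample(b"wheel", 0xA3), b"\x30\x03\x02\x01"]
```

Replace `ALLOWED` with the strings your site has actually provisioned; a hit on a `SetRequest` is the case to escalate first.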
