Security Alerts & News
by Tymoteusz A. Góral

#1296 Undocumented SNMP string exposes Rockwell PLCs to remote attacks
An undocumented SNMP community string has been discovered in programmable logic controllers (PLCs) built by Allen-Bradley Rockwell Automation, exposing these devices, which are deployed in a number of critical industries, to remote attacks.

Researchers at Cisco Talos today said the vulnerability is in the default configuration of MicroLogix 1400 PLC systems. Rockwell Automation, meanwhile, said versions 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA are affected.

“This vulnerability is due to the presence of an undocumented SNMP community string that could be leveraged by an attacker to gain full control of affected devices and grants the ability to manipulate configuration settings, replace the firmware running on the device with attacker-controlled code, or otherwise disrupt device operations,” Cisco Talos wrote in an advisory. “Depending on the role of the affected PLC within an industrial control process, this could result in significant damages.”