exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

AB Micrologix Denial Of Service / Unauthorized Access

AB Micrologix Denial Of Service / Unauthorized Access
Posted Jan 16, 2010
Authored by Eyal Udassin | Site c4-security.com

Micrologix 1100 and 1400 controllers suffer from multiple vulnerabilities that allow unauthorized control of the PLC. Details of these vulnerabilities will be disclosed only to legitimate parties such as asset owners (utilities), after receiving the approval of the local CERT or any other local official entity.

tags | advisory, local, vulnerability
SHA-256 | 488ad569c5cecbf68d458ed4c08071d485ed70de51bbe59a8bd1260aa745c3cb

AB Micrologix Denial Of Service / Unauthorized Access

Change Mirror Download
Background
-----------------
Vendor product information, from www.ab.com :
With online editing and a built-in 10/100 Mbps EtherNet/IP port for
peer-to-peer messaging, the MicroLogix 1100 controller adds greater
connectivity and application coverage to the MicroLogix family of
Allen-Bradley controllers. This next generation controller's built-in LCD
screen displays controller status, I/O status, and simple operator messages;
enables bit and integer manipulation; offers digital trim pot functionality,
and a means to make operating mode changes (Prog / Remote / Run).
With 10 digital inputs, 2 analog inputs and 6 digital outputs, the
MicroLogix 1100 can handle a wide variety of tasks. The MicroLogix 1100
controllers also support expansion I/O. Up to four 1762 I/O modules (also
used on the MicroLogix 1200 and 1400) may be added to the embedded I/O,
providing application flexibility and support of up to 80 digital I/O.

Description
----------------
Due to the sensitivity of SCADA-related vulnerabilities, we can only
publicly disclose that the Micrologix 1100 and 1400 controllers suffer from
multiple vulnerabilities that allow unauthorized control of the PLC.
Details of these vulnerabilities will be disclosed only to legitimate
parties such as asset owners (utilities), after receiving the approval of
the local CERT or any other local official entity.

Impact
----------
An attacker can exploit these vulnerabilities in order to:
. Halt the system's operation (Denial of Service)
. Gain unauthorized access with high privileges to the system
. Leverage these vulnerabilities to attempt to find additional
vulnerabilities in the server to carry out the "field to field" attack
vectors mentioned in C4's S4 2008 paper "Control System Attack Vectors and
Examples: Field Site and Corporate Network"
(http://www.c4-security.com/index-5.html).

Affected Versions
-------------------------
AB Micrologix 1100
AB Micrologix 1400

Workaround/Fix
-----------------------
Consult with Rockwell Automation or a SCADA security company on how to
mitigate the found vulnerabilities by restricting access to the control
network.

Additional Information
-------------------------------
For additional information please contact us at info_at_c4-security.com.
Note that we will respond only to verified utility personnel and
governmental agencies. Details of this vulnerability will be disclosed only
to legitimate parties such as asset owners (utilities), after receiving the
approval of the local CERT or any other local official entity.

The CVE identifier assigned to this vulnerability by CERT is CVE-2009-3739

Credit
--------
These vulnerabilities were discovered and exploited by Eyal Udassin from C4
Security (http://www.c4-security.com).
We would like to thank Rockwell Automation and CERT for their professional
handling of the vulnerability disclosure process.

C4 Security is a leader in SCADA security reviews, auditing and penetration
testing.
Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close