May 2019

NEWS n US CYBER-RESEARCHERS have found a software flaw in some Rockwell Automation variable-speed drives that could be exploited to manipulate the drive’s operation or to stop it remotely. The “denial of service” bug in PowerFlex 525 drives with embedded Ethernet I/P could allow a cyber-attacker to crash the Common Industrial Protocol (CIP) so that it will not accept any new connections. The current connections would, however, remain active, allowing potential attackers to take control of the drive. The flaw was discovered last July by researchers at Applied Risk. They informed Rockwell which has since issued a firmware patch to tackle the flaw. Applied Risk has now published a report on its findings, and the US Department for Homeland Security has issued an alert via its National Cybersecurity & Communications Integration Center (NCCIC). The alert warns that successful exploitation of the vulnerability “could result in resource exhaustion, denial of service, and/or memory corruption”. It adds that it would require a “low” skill level to exploit. However, there are no known incidents that have exploited the weakness. The flaw would allow an unauthenticated user to send a sequence of packets to crash the CIP network stack. This would create an error in the control and configuration software which would disconnect when the connection pool was exhausted. It would then not be possible to initiate a new connection to the device, preventing legitimate users from recovering control. If the attacker keeps their connection open, they could continue to send commands, and the only way for the genuine user to regain access would be to do a power reset. The firmware update for the drives can be downloaded from Rockwell’s Web site. The company has also issued a security advisory about the vulnerability for registered customers. So far this year, the US Government’s ICS- CERT (Industrial Control Systems Computer Emergency Response Teams) service has issued more than 50 cyber-security advisories for industrial equipment and software, including items from ABB, Advantech, Aveva, Delta, Emerson, Horner, Johnson Controls, Mitsubishi, Moxa, Omron, OSIsoft, Pepperl+Fuchs, Phoenix Contact, Pilz, Schneider, Siemens and Yokogawa. 8102. of instead 960-267a- Precision is what it's all about: identify and el it originates – thanks to accurate and synchr transparently displayed production data. This downstream checks, helping you boost prod No matter where your production site is: We customized solutions and comprehensive serv iminate scrap exactly where onous detection, with saves time and money on uction. offer you complete, ice support worldwide. www.kistler.com Cyber-flaw could allow hackers to stop Rockwell drives remotely The potential cyber-security flaw was detected in Rockwell Automation's PowerFlex 525 variable-speed drive

RkJQdWJsaXNoZXIy MjQ0NzM=