April 2021

NEWS (www.drivesncontrols.com)

‘Severe’ PLC vulnerability could be used by attackers with ‘low’ skill levels

CYBER-RESEARCHERS HAVE discovered a “severe” vulnerability in a mechanism that verifies communications between Rockwell Automation PLCs and engineering software. Exploiting this flaw could allow an attacker to connect remotely to almost any Rockwell Logix PLC – as well as its drives and safety controllers that use the Logix technology – and to upload malicious code, download information from the PLC, or install new firmware.

The US Government’s Cybersecurity and Infrastructure Security Agency (Cisa) has warned that the vulnerability could be exploited remotely by attackers with a “low” skill level. Using the CVSS (Common Vulnerability Scoring System) rating scheme, Cisa gives the vulnerability a score of 10 – the highest possible rating.

The vulnerability was co-discovered independently in 2019 by cyber-researchers at Claroty, Kaspersky and Soonchunhyang University in South Korea. As usually happens in such cases, they warned Rockwell Automation about the vulnerability to allow it to take appropriate action. The discovery has now been made public via an ICS-Cert advisory published by Cisa.

The vulnerability affects Rockwell’s Studio 5000 Logix Designer (versions 21 and later) and RSLogix 5000 (versions 16-20) engineering software, and many of its Logix controllers, including CompactLogix, ControlLogix, DriveLogix, GuardLogix and SoftLogix models. The ICS-Cert advisory has a full listing.

The vulnerability exists because the software uses a key to verify communications with the Logix controllers. A remote, unauthenticated attacker could bypass this verification mechanism and connect directly to the controllers. An attacker who extracted the key would be able to authenticate to any Rockwell Logix controller. These keys sign all communications digitally with the PLCs, which verify the signature and authorise communication with the software. An attacker using the key could mimic a workstation and thus manipulate configurations or code running on the PLC, potentially affecting manufacturing processes.

In response to the discovery, Rockwell Automation has issued an advisory describing how the vulnerability affects the Studio 5000 Logix Designer software and associated controllers. It recommends several possible mitigations, including putting the controller’s mode switch to “run” mode, and deploying CIP Security for Logix Designer connections. When deployed properly, this prevents unauthorised connections. If it is not possible to implement the run mode, Rockwell suggests other measures depending on the model of Logix controller affected.

Rockwell is also recommending several generic mitigations to blunt the effects of the vulnerability, starting with network segmentation and security controls such as minimising the exposure of control systems to networks or to the Internet. Control systems, it says, should be behind firewalls and be isolated from other networks if feasible. It also recommends implementing secure remote access – at a minimum, using a VPN connection.

The ICS-Cert advisory contains all of Rockwell’s mitigation advice, including recommendations for each product family and version. It also recommends several detection methods that users can apply if they suspect that their configurations have been modified. The advisory says that there are no known public exploits targeting the vulnerability.

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03

Image caption: The newly-revealed vulnerability involves communications between Rockwell Automation’s Studio 5000 software and its Logix controllers

NEWS BRIEFS

The Newtown-headquartered robotics and automation specialist, RMGroup, has become the first UK integrator to be accredited under the RIA/Bara Robot Integrators’ Certification Scheme. The company has passed an audit based on a set of national and international standards. It will be re-audited every two years using the same 25-point list. The certification scheme is a benchmark to assess robot integrators’ technical knowledge and safety practices. It was created to standardise integrator quality and workmanship, and to recognise effective safety controls, to help give companies a competitive edge. https://rmgroupuk.com www.bara.org.uk

The precision engineering manufacturer Renishaw is seeking buyers after its two founders and main shareholders put the group up for sale. Executive chairman Sir David McMurtry and his non-executive deputy John Deer, who own 53% of the group and are both in their 80s, want to sell their stake. They want a buyer that respects the company’s culture and heritage and is committed to the local community in Renishaw’s Cotswolds base.

Nokia and WEG have started a one-year collaborative project to test the use of 5G in a real-life production environment in a WEG factory in Brazil. The plant will act as a laboratory for testing a private 5G network alongside a conventional mobile phone network. Two frequencies will be tested: below 6GHz and 27.5–27.9GHz.

The Manufacturing Technology Centre and Lloyds Bank have joined forces to offer a package of free support and resources to help UK manufacturing and engineering SMEs to embrace innovation, develop their workforces and boost productivity. The SME Support Service includes advice, guidance and access to funding and resources. It will help SMEs to recruit apprentices, upskill their existing workforces, and identify opportunities to deploy emerging technologies. The package includes up to £3m from Lloyds' Apprenticeship Levy Fund. https://the-amtc.co.uk/lloyds-sme

Make UK has formed a partnership with the certification company SGS to offer a customs brokerage service to help companies fill in customs declarations correctly to clear their goods for import and export in and out of the EU. www.makeuk.org
