A vulnerability has been discovered in the Rockwell Automation MicroLogix 1400 Programmable Logic Controller (PLC) Systems that could allow for unauthorized remote access. These affected Industrial Control System (ICS) products are used across several sectors, including Chemical, Critical Manufacturing, Food and Agriculture, Water and Wastewater Systems and others. Successful exploitation of this vulnerability could allow an attacker to perform remote code execution on the affected device.
A vulnerability has been discovered in Rockwell Automation MicroLogix 1400 PLC that could allow for undocumented and privileged Simple Network Management Protocol (SNMP) access via a community string. This vulnerability can be exploited when SNMP is open on the network as it is by default to allow for firmware updates. (CVE-2016-5646)
- Limit access to the device to authorized hosts. Where possible, locate the devices behind firewalls and if remote access is required, use secure methods such as virtual private networks (VPN).
- Utilize the product's "RUN" keyswitch setting to prevent unauthorized and undesired firmware update operations and other disruptive configuration changes.
- If appropriate, disable SNMP on the MicroLogix 1400.
- Note: It will be necessary to re-enable SNMP to update firmware on this product. After the upgrade is complete, disable the SNMP service once again.
- Review log files to determine if the identified vulnerability was exploited, and remediate per your security policy and procedures.
- Note: Changing the SNMP community strings is not an effective mitigation.