ICS Advisory (ICSA-21-056-03) – Rockwell Automation Logix Controllers

March 1, 2021

1. EXECUTIVE SUMMARY

  • CVSS v3 10.0
  • ATTENTION: Exploitable remotely/low skill level to exploit
  • Vendor: Rockwell Automation
  • Equipment: Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers
  • Vulnerability: Insufficiently Protected Credentials

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to bypass the verification mechanism and connect with Logix controllers. Additionally, this vulnerability could enable an unauthorized third-party tool to alter the controller’s configuration and/or application code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Rockwell software are affected:

  • RSLogix 5000: Versions 16 through 20
  • Studio 5000 Logix Designer: Versions 21 and later

The following Rockwell Logix Controllers are affected:

  • CompactLogix 1768
  • CompactLogix 1769
  • CompactLogix 5370
  • CompactLogix 5380
  • CompactLogix 5480
  • ControlLogix 5550
  • ControlLogix 5560
  • ControlLogix 5570
  • ControlLogix 5580
  • DriveLogix 5560
  • DriveLogix 5730
  • DriveLogix 1794-L34
  • Compact GuardLogix 5370
  • Compact GuardLogix 5380
  • GuardLogix 5570
  • GuardLogix 5580
  • SoftLogix 5800

3.2 VULNERABILITY OVERVIEW

3.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522

Studio 5000 Logix Designer uses a key to verify Logix controllers are communicating with the affected Rockwell Automation products. The product is vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Logix controllers.

CVE-2021-22681 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
