{"id":35700,"date":"2021-02-26T16:37:13","date_gmt":"2021-02-26T21:37:13","guid":{"rendered":"http:\/\/pappp.net\/?guid=216c8bbd11dddb25e14265d73c2c52d3"},"modified":"2021-02-26T16:37:13","modified_gmt":"2021-02-26T21:37:13","slug":"hard-coded-key-vulnerability-in-logix-plcs-has-severity-score-of-10-out-of-10","status":"publish","type":"post","link":"https:\/\/pappp.net\/?p=35700","title":{"rendered":"Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10"},"content":{"rendered":"<p class=\"syndicated-attribution\">Source: <a href=\"https:\/\/arstechnica.com\/?p=1745776\">Ars Technica<\/a><\/p>\n<div style=\"background-color : #fff7d5;\n\t\t\tborder-width : 1px; padding : 5px; border-style : dashed; border-color : #e7d796;margin-bottom : 1em; color : #9a8c59;\">Article note: Oh that's bad.  Remotely-usable hard-coded admin credential. \r\n\r\nPLCs were doing shitty IoT behavior before IoT was a thing. \r\nAt least most of them are jailed on isolated control networks because everyone _knows_ they're chickenshit, but it still makes a hell of an escalation path.<\/div><div>\n<figure><img src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/rockwell-controllogix-800x450.jpg\" alt=\"Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10\" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/><p><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/rockwell-controllogix.jpg\" rel=\"noopener noreferrer\">Enlarge<\/a> (credit: Rockwell Automation)<\/p>  <\/figure><div><a name=\"page-1\"><\/a><\/div>\n<p>Hardware that is widely used to control equipment in factories and other industrial settings can be remotely commandeered by exploiting a newly disclosed vulnerability that has a severity score of 10 out of 10.<\/p>\n<p>The vulnerability is found in programmable logic controllers from Rockwell Automation that are marketed under the Logix brand. These devices, which range from the size of a small toaster to a large bread box or even bigger, help control equipment and processes on assembly lines and in other manufacturing environments. Engineers program the PLCs using Rockwell software called Studio 5000 Logix Designer.<\/p>\n<p>On Thursday, the US Cybersecurity &amp; Infrastructure Security Administration warned of a critical vulnerability that could allow hackers to remotely connect to Logix controllers and from there alter their configuration or application code. The vulnerability requires a low skill level to be exploited, CISA <a href=\"https:\/\/us-cert.cisa.gov\/ics\/advisories\/icsa-21-056-03\" rel=\"noopener noreferrer\">said<\/a>.<\/p><\/div><p><a href=\"https:\/\/arstechnica.com\/?p=1745776#p3\" rel=\"noopener noreferrer\">Read 9 remaining paragraphs<\/a> | <a href=\"https:\/\/arstechnica.com\/?p=1745776&amp;comments=1\" rel=\"noopener noreferrer\">Comments<\/a><\/p><div>\n<a href=\"http:\/\/feeds.arstechnica.com\/~ff\/arstechnica\/index?a=UQt5ktUUg3c:yRVx06Ktp7w:V_sGLiPBpWU\" rel=\"noopener noreferrer\"><img src=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?i=UQt5ktUUg3c:yRVx06Ktp7w:V_sGLiPBpWU\" border=\"0\" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/><\/a> <a href=\"http:\/\/feeds.arstechnica.com\/~ff\/arstechnica\/index?a=UQt5ktUUg3c:yRVx06Ktp7w:F7zBnMyn0Lo\" rel=\"noopener noreferrer\"><img src=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?i=UQt5ktUUg3c:yRVx06Ktp7w:F7zBnMyn0Lo\" border=\"0\" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/><\/a> <a href=\"http:\/\/feeds.arstechnica.com\/~ff\/arstechnica\/index?a=UQt5ktUUg3c:yRVx06Ktp7w:qj6IDK7rITs\" rel=\"noopener noreferrer\"><img src=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?d=qj6IDK7rITs\" border=\"0\" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/><\/a> <a href=\"http:\/\/feeds.arstechnica.com\/~ff\/arstechnica\/index?a=UQt5ktUUg3c:yRVx06Ktp7w:yIl2AUoC8zA\" rel=\"noopener noreferrer\"><img src=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?d=yIl2AUoC8zA\" border=\"0\" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/><\/a>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Enlarge (credit: Rockwell Automation)<br \/>\nHardware that is widely used to control equipment in facto&#8230;<\/p>\n<p> <a href=\"https:\/\/pappp.net\/?p=35700\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226],"tags":[],"class_list":["post-35700","post","type-post","status-publish","format-standard","hentry","category-news-2"],"_links":{"self":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/35700","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=35700"}],"version-history":[{"count":0,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/35700\/revisions"}],"wp:attachment":[{"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=35700"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=35700"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=35700"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}