Successful exploitation will not directly disrupt operation of Rockwell Automation programmable controllers or other devices in the control system. Such passwords can be used to help prevent unauthorized access and viewing or tampering of particular content stored in controller configuration programs. VULNERABILITY CHARACTERIZATION VULNERABILITY OVERVIEWĪ vulnerability has been identified in RSLogix 5000 software, V7 through V20.01 and V21.0 that may allow customer-defined passwords, used to protect certain user-configured content, to become compromised. It is a globally available product used in the United States and the rest of the world. According to Rockwell Automation, the software is used in systems deployed across several sectors including chemical, critical manufacturing, food and agriculture, water and wastewater, and others. The affected product, RSLogix 5000 software, is design and configuration software used with certain Rockwell Automation products. Rockwell Automation, which is a US-based company, provides industrial automation control and information products worldwide across a wide range of industries. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Impact to individual organizations depends on many factors that are unique to each organization.
Exploitation will not directly disrupt operation of Rockwell Automation programmable controllers or other devices in the control system.
Successful exploitation may result in an unauthorized disclosure of user-created content.
This advisory was originally posted to the US-CERT secure Portal library on January 21, 2014, and is now being released to the NCCIC/ICS-CERT Web site.
0 kommentar(er)
