Rockwell Automation is a well-known American provider of industrial automation. Last week, the company sent an advisory informing customers about a critical vulnerability affecting Allen-Bradley CompactLogix 5370 and Compact GuardLogix 5370 programmable automation controllers.

The vulnerability (CVE-2018-9312) has a CVSS score of 8.6 and affects safety controllers running firmware 30.012; prior firmware is affected as well. It would allow a remote attacker to make devices enter MNRF (Major Non-Recoverable Fault) mode. An MNRF is a controlled action that takes place when the controller determines that it isn’t safe to operate. The result is a DoS condition that requires the user to re-download the application program to restore the system.

According to researchers, “When a Logix controller determines that an MNRF is the right course of action, the controller is designed to fault, taking it out of run mode, logging diagnostic data, and then invalidating and deleting the controller’s memory.” The application program must then be reloaded, which guarantees that the controller has a valid program to continue operating safely.

Researchers claim that “the vulnerability exists due to incorrect processing of TCP APK pack additional options by the listener at Ethernet/IP TCP port which is default 44818.” Since safety controllers play a critical role in industrial environments, forcing a device into a DoS condition could cause major damage, including physical harm to equipment and to people.