The Micrologix 1400 PLC (Programmable Logic Controller) was reported to have a serious vulnerability in Rockwell Automation’s industrial control system said the Cisco’s security intelligence and research group. The complete control of the Micrologic’s system can be acquired exploiting just a simple Network Management Protocol and the system firmware can be modified remotely and allows the attacker to run his own codes on the system.
The attacker can disrupt device operation once the controlled as this particular PLC is used in heating air conditioning units, SCADA, industrial machinery and vending and industrial washers and dryers and other industrial control processes and can cause substantial damage.
Following is a list of mitigation strategies listed by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to avoid the exploitation of the vulnerability in future:
- To prevent unauthorized and undesired firmware updates and other configuration change utilize the products RUN key switch
- Proper network infrastructure controls such as firewalls should be utilized to safeguard SNMP requests from unauthorized sources are blocked.
- SNMP service on the product should be disabled always except while updating the firmware.
- Exposer to all control system devices and systems should be minimized to safeguard that they are not the internet
- Control system networks and devices responsible for firewall should be isolated from the business
- Use of secure methods like VPN (Virtual Private Networks) when remote access is required.