CVE-2014-5410
N/A
Summary
The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rockwell Automation | Allen-Bradley MicroLogix 1400 | 0 <= 1766-Lxxxxx Series A FRN 7 | affected |
| Rockwell Automation | Allen-Bradley MicroLogix 1400 | 0 <= 1766-Lxxxxx Series B FRN 15.000 | affected |
| Rockwell Automation | Allen-Bradley MicroLogix 1400 | Series B FRN 15.001 or higher | unaffected |
Weaknesses
- CWE-20: CWE-20
Workarounds
Users with Series A and Series B controllers are also recommended to apply the following risk mitigations:
Do not enable DNP3 communication in the product unless required.
Where appropriate, prohibit DNP3 communication that originates outside the perimeter of the manufacturing zone from entry into the zone by blocking communication directed at Ethernet communication Port 20000/TCP* and 20000/UDP* using appropriate security technology (e.g., a firewall, UTM devices, or other security appliance)
*Note: Ports 20000/TCP and 20000/UDP are factory defaults as per the DNP3 specification but can be reconfigured by the product owner.
Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.
Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.
Employ layered security, defense-in-depth methods and network segregation and segmentation practices in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html http://www.ab.com/networks/architectures.html%20 for comprehensive information about implementing validated architectures designed to deliver these measures.
Please refer to Rockwell Automation’s product disclosure (AID 620295) for more information on this topic available at:
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/620295
ADP Enrichment
CVE Program Container
Additional References
References
- https://rockwellautomation.custhelp.com/app/answers/detail/a_id/620295
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-254-02
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-254-02.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.