PN1644 | Open UDP Port in 1756-ENBT EtherNet/IP™ Communication Interface

Severity: High
Advisory ID: PN1644
Published Date: July 06, 2010
Last Updated: July 06, 2010
Revision Number: 1.0
Known Exploited Vulnerability (KEV): No
Corrected: No
Workaround: No

Summary
Open UDP Port in 1756-ENBT EtherNet/IP™ Communication Interface

Revision History
Revision Number: 1.0
Version 1.0 – July 6, 2010

Affected Products

| Affected Product | First Known in Firmware Revision | Corrected in Firmware Revision |
|---|---|---|
| 1756-ENBT (Series A) | 3.26 | 3.9 |
| 1756-ENBT (Series A) | 3.61 | 3.9 |

Vulnerability Details

Rockwell Automation has identified a potential vulnerability in some specific versions of the 1756-ENBT EtherNet/IP communication interface which shipped with an open 17185/UDP communication port meant to be used only for debugging purposes during the product development process.

This open UDP port is classified as a potential vulnerability since an unauthenticated remote user who gains access to the specific version of the product may be able to gain access to the product’s debugging information, disrupt its operation or potentially cause a denial of service, thereby affecting the product’s operation.

This potential vulnerability has been confirmed to affect only the listed versions of the 1756-ENBT EtherNet/IP communication interface for the ControlLogix controller platform.

CVSS Base Score: 7.5/10 (high)
CVSS 2.0 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P


In conjunction with updating affected product firmware, customers who are concerned about unauthorized access to their Products can take additional immediate steps as outlined below to further reduce associated security risk from this potential vulnerability.

These same steps can also serve as a checklist to verify that the available security techniques are in place in a system’s configuration. When possible, multiple strategies should be employed simultaneously.
  • Configure firewalls or access control lists (ACL) in the network infrastructure components (such as network firewall appliances and managed switches) to block access to the 17185/UDP port.
  • Block all traffic to the CSP, EtherNet/IP or other CIP protocol based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Port# 2222 and Port# 44818 using appropriate security technology (such as a firewall, UTM devices, or other security appliance).
  • Restrict physical and electronic access to automation products, networks and systems to only those individuals authorized to be in contact with control system equipment.
  • Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and Control Networks. Refer to Reference Architectures for Manufacturing for comprehensive information about implementing validated architectures designed to deliver these measures.
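
As an added example (not part of the Rockwell Automation advisory), the first two items above can be checked against an ordered firewall or ACL rule list with a small first-match evaluator. The subnet, probe addresses, rule tuple format and both rule sets are constructed assumptions; only the port numbers come from the advisory.

```python
import ipaddress

# Constructed addressing (assumption): one probe source inside the
# Manufacturing Zone (10.10.0.0/16) and one outside it.
INSIDE_SRC, OUTSIDE_SRC = "10.10.5.20", "192.168.50.7"

# Flows the advisory says to block toward the device: 17185/UDP from anyone,
# 2222 and 44818 (TCP and UDP) from outside the Manufacturing Zone.
REQUIRED_BLOCKS = [("udp", 17185, "any")] + [
    (proto, port, "outside") for port in (2222, 44818) for proto in ("tcp", "udp")
]

def first_match(rules, proto, src, dport):
    """Evaluate an ordered ACL; the first matching rule wins, implicit deny at the end."""
    for action, r_proto, r_src, r_ports in rules:
        if r_proto not in ("any", proto):
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(r_src):
            continue
        if r_ports is not None and dport not in r_ports:
            continue
        return action
    return "deny"

def audit(rules):
    """Return the advisory-listed flows that the ACL still permits."""
    findings = []
    for proto, port, scope in REQUIRED_BLOCKS:
        sources = [INSIDE_SRC, OUTSIDE_SRC] if scope == "any" else [OUTSIDE_SRC]
        for src in sources:
            if first_match(rules, proto, src, port) == "permit":
                findings.append(f"{proto}/{port} from {src}")
    return findings

# Constructed rule sets: (action, protocol, source CIDR, destination ports or
# None for all), applied to traffic destined for the 1756-ENBT segment.
WEAK = [
    ("permit", "any", "10.10.0.0/16", None),   # zone-wide permit also exposes 17185/UDP
    ("permit", "tcp", "0.0.0.0/0", {44818}),   # EtherNet/IP reachable from outside the zone
]
HARDENED = [
    ("deny", "udp", "0.0.0.0/0", {17185}),     # debug port blocked for every source
    ("permit", "any", "10.10.0.0/16", None),   # everything else only from inside the zone
]

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

The audit probes one representative source per zone, so it confirms rule ordering and coverage for those addresses rather than proving the policy for every possible source.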

For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions website.

Risk Mitigation & User Action

Customers using the affected versions are encouraged to upgrade to corrected firmware revisions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability.
  • Update to corrected firmware version.
  • QA43240 - Recommended Security Guidelines from Rockwell Automation

Copyright ©2022 Rockwell Automation, Inc.