Security Solutions

SECURITY SOLUTIONS

Customer Notice

We recognize that with every advisory, new concerns are raised about control system security risks and their susceptibility to both accidental and malicious threats. For this reason, we continue to invest in our products, systems and services to help you protect what is important to you. We also continue to maintain our close working relationships with reputable agencies and the industrial security research community at large. Through these actions and practices, we remain committed to helping you and the automation industry recognize and remediate contemporary security risks.

NEW ALERT: 19 January 2012 — FactoryTalk™ ControlLogix and MicroLogix vulnerabilities and anomalies

On January 19, 2012, Rockwell Automation was notified by Digital Bond, Inc. of vulnerabilities discovered in the Allen-Bradley ControlLogix L5561, 1756-ENBT module and MicroLogix 1100 controller. The public disclosure of these findings occurred at the S4 conference and included details to allow for potential reproduction and exploitation of these vulnerabilities.

Rockwell Automation's Security Taskforce is in the process of evaluating the information that has been made available to us. A detailed analysis is underway to determine scope and potential impacts as well as to facilitate appropriate remediation. In parallel, security advisories have been released for each affected product.

Security Product Advisories:

• ControlLogix 5561 (AID:470154)
• 1756-ENBT (AID:470155)
• MicroLogix 1100 (AID:470156)

These advisories have been included on the Rockwell Automation Security Advisory Index (AID:54102).

More information will be added to this advisory as our Security Taskforce works through our detailed investigation and incident response process.

NEW ALERT: 17 January 2012 — FactoryTalk™ Diagnostics Receiver Service Potential Vulnerability

On January 17, 2012, Rockwell Automation learned of an independent public disclosure of two previously unknown security vulnerabilities in the RNADiagReceiver.exe service of the FactoryTalk Services Platform (FTSP). This vulnerability disclosure was an uncoordinated event without involvement of Rockwell Automation. We recognize and share in the concerns raised by this disclosure.

Rockwell Automation's Security Taskforce is fully engaged in this matter and we are taking appropriate action. Our team has already started our detailed evaluation process and will responsibly proceed through mitigation and remediation activities for these vulnerabilities.

Recognizing your concerns, an initial Security Advisory (AID:469937) has been issued and can be found at http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937. This advisory has also been added to the Rockwell Automation Security Advisory Index (AID:54102). The advisory acknowledges facts known at this time and also provides early-stage recommendations for how to address related potential risk and enhance protection of industrial control systems. More information will be added to this advisory as our Security Taskforce works through our detailed investigation and incident response process.

Thank you for sharing our concerns as we work toward addressing this matter.

Previous Alerts & Notices

• 13 September, 2011 — FactoryTalk RnaUtility.dll Vulnerability

  On September 13, 2011, Rockwell Automation learned of an independent public disclosure of a previously unknown security vulnerability in the RnaUtility.dll service of the FactoryTalk Services Platform (FTSP). This disclosure was an uncoordinated event without involvement of Rockwell Automation. We recognize the concerns raised by this vulnerability disclosure and share in those concerns.

  The Rockwell Automation Security Taskforce is fully engaged in this matter and we are taking appropriate action. Our team has already started the evaluation, mitigation and remediation process for this vulnerability and we are currently working on a patch and accompanying release plan to address this as soon as possible.

  We had issued a preliminary advisory to our Security Advisory Index on September 13, 2011. This initial advisory has been replaced with a more detailed version describing the situation, early-stage recommended mitigations and our working plan for how we will address this vulnerability. More information will be added to this advisory as our Security Taskforce works through our incident response process. Visit Knowledgebase to view the updated advisory.

  Thank you for your attention and vigilance as we work toward addressing this matter.

• 09 August, 2011

  During the past few months, we have noted an increase in security vulnerability disclosures issued by government agencies, security researchers and a variety of industrial controls vendors. As a vendor of automation products and solutions, Rockwell Automation shares in your concerns. We continue to closely monitor relevant security advisories and other public information disclosures that expose risk and potential threats to safe, secure and reliable industrial control system operation.

• 22 July, 2010 — Zero Day

  A recent virus incident has targeted the Siemens WinCC SCADA control system platform. The means of attack came through a 0day (Zero day) Windows operating system vulnerability using a new virus coined Win32/Stuxnet by Symantec. This virus has been confirmed by Siemens and multiple agencies to infect computers running the WinCC and PCS7 products with malware via an infected USB drive.

  To date, we have not received any reports that Rockwell Automation products have been affected by this virus. Nonetheless, we are recommending all automation system users enhance protection of industrial control systems against potential attacks. Good cyber security practices, including the use of up-to-date antivirus software, diligent patch management, and secure handling of USB devices are some simple steps that can help protect control systems.

  Rockwell Automation's Security Taskforce continues to monitor this situation and has released specific recommendations that can enhance control system security and better-protect systems against this type of threat. The Knowledgebase Technote KB#70020 outlines measures and immediate steps Rockwell Automation customers can take to reduce risk of infection to their control system.

  Rockwell Automation recommends that customers follow good security design practices and include appropriate mechanisms that help enhance overall security of their control systems. Security consulting services are available from Rockwell Automation to assist concerned customers with assessing and enhancing the security of their control systems. Customers with questions or concerns should contact their Rockwell Automation account manager or representative.

• Stay Connected

  We directly support open, factual and responsible information sharing with our customers. As demonstrated in the past, security advisories relating to our products continue to include specific vulnerability details and immediate recommendations and mitigations for how affected users can reduce risk. We recommend concerned customers subscribe to the Rockwell Automation Knowledgebase Security Advisory Index (article #54102).

• Design Best Practices — Rockwell Automation and Cisco

  We continue to recommend concerned customers adopt a regimented security program covering industrial control and mission-critical systems and how they interact with other cyber systems. We encourage customers to follow contemporary control system design guidelines that are known to enhance overall control system security. These best-practices include use of layered security and defense in depth measures as outlined in the Converged Plantwide Ethernet (CPwE) Architectures Design and Implementation Guide co-developed by Rockwell Automation and Cisco. Furthermore, the training of personnel and adoption and adherence to solid, security-oriented policies and procedures can also help dramatically enhance security posture for a given system.