Digital Bond gives Valentine of critical infrastructure exploit tools

With love, Digital Bond

Digital Bond has released exploit tools to “do nasty things” to PLCs, such as “stop the CPU [central processing unit] or provide the credentials to control the device”, wrote Reid Wightman in a blog post.

The vulnerabilities include a flaw in the EtherNet/IP protocol used by IP-enabled PLCs produced by big names such as Allen-Bradley/Rockwell Automation, Schneider Electric, ABB, WAGO, and Omron. About 300 vendors are members of ODVA, the organization that developed the protocol.

“The ‘vulnerability’ is in the protocol specification: no authentication is required per the standard for many commands”, according to Wightman. “Currently you can issue a STOP command (should affect all manufacturers), crash the PLC CPU (probably Allen-Bradley specific, unless other vendors purchased their stack), crash the Ethernet controller (probably Allen-Bradley specific), and reboot the Ethernet controller (should affect all manufacturers).”

In addition to the EtherNet/IP protocol vulnerability, Digital Bond released exploit tools that target hard-coded administrative passwords in some versions of Schneider’s Modicon Quantum PLC and that carry out brute-force password attacks against Koyo’s DirectLogic PLCs, which lack a password lockout feature, Wightman wrote.

Responding to critics who fault Digital Bond for disclosing vulnerabilities before vendors have a chance to fix them, Wightman said that vendors have been given “forever-and-a-half” to fix the vulnerabilities but have failed to do so.
