PN1644 | Open UDP Port in 1756-ENBT EtherNet/IP™ Communication Interface

Affected Product	First Known in Firmware Revision	Corrected in Firmware Revision
1756-ENBT (Series A)	3.26	3.9
1756-ENBT (Series A)	3.61	3.9

Rockwell Automation has identified a potential vulnerability in some specific versions of the 1756-ENBT EtherNet/IP communication interface which shipped with an open 17185/UDP communication port meant to be used only for debugging purposes during the product development process.

This open UDP port is classified as a potential vulnerability since an unauthenticated remote user who gains access to the specific version of the product may be able to gain access to the product’s debugging information, disrupt its operation or potentially cause a denial of service, thereby affecting the product’s operation.

This potential vulnerability has been confirmed to affect only the listed versions of the 1756-ENBT EtherNet/IP communication interface for the ControlLogix controller platform.

CVSS Base Score: 7.5/10 (high)
CVSS 2.0 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

In conjunction with updating affected product firmware, customers who are concerned about unauthorized access to their Products can take additional immediate steps as outlined below to further reduce associated security risk from this potential vulnerability.

These same steps can also serve as a checklist to verify available security techniques are in place in a system’s configuration too. When possible, multiple strategies should be employed simultaneously.

• Configure firewalls or access control lists (ACL) in the network infrastructure components (such as network firewall appliances and managed switches) to block access to the 17185/UDP port.
• Block all traffic to the CSP, EtherNet/IP or other CIP protocol based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Port# 2222 and Port# 44818 using appropriate security technology (such as a firewall, UTM devices, or other security appliance).
• Restrict physical and electronic access to automation products, networks and systems to only those individuals authorized to be in contact with control system equipment.
• Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and Control Networks. Refer to Reference Architectures for Manufacturing for comprehensive information about implementing validated architectures designed to deliver these measures.

For more information and for assistance with assessing the state of security of your existing controls system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions website.

Customers using the affected versions are encouraged to upgrade to corrected firmware revisions. We also strongly encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability.

• Update to corrected firmware version.
• QA43240 - Recommended Security Guidelines from Rockwell Automation