Introduction
Description
September 13, 2011 - version 1.0
This advisory has been replaced with AID# 456144
On September 13, 2011, Rockwell Automation was made aware of a potential vulnerability in RSLogix 5000 software that if successfully exploited, may result in a Denial of Service condition.
We are in the process of validating the potential vulnerability in order to determine possible risk, scope, impacts, and exposure to our customers if it is confirmed.
Based on the outcome of our ongoing investigation, if the vulnerability is confirmed, we will communicate a recommended mitigation strategy to our concerned customers as soon as possible.
Until a specific mitigation strategy is made available, we recommend concerned customers remain vigilant and continue to apply the following security strategies that help reduce risk and enhance overall control system security:
1. Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and ControlNetworks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.
2. Restrict physical and electronic access to automation products, networks and systems to only those individuals authorized to be in contact with control system equipment and perform product firmware upgrades to that equipment.
For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/solutions/security.
KCS Status
