Get Thee From BGP Rockwell: Ethernet/IP Is not Internet


Rockwell Automation has issued an urgent directive “IMPORTANT NOTICE: Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats”.

Among the reasons given (beyond the obvious: these devices have negligible security and control things which might be dangerous) are the CVEs below. But really, this is just a starting point: you need a firewall that confirms identity between the PLC and the net, in both directions.

| CVE ID | Advisory |
| --- | --- |
| CVE-2021-22681 | CISA \| Rockwell Automation Logix Controllers (Update A) |
| CVE-2022-1159 | CISA \| Rockwell Automation Studio 5000 Logix Designer |
| CVE-2023-3595 | CISA \| Rockwell Automation Select Communication Modules |
| CVE-2023-46290 | CISA \| Rockwell Automation FactoryTalk Services Platform |
| CVE-2024-21914 | CISA \| Rockwell Automation FactoryTalk View ME |
| CVE-2024-21915 | CISA \| Rockwell Automation FactoryTalk Service Platform |
| CVE-2024-21917 | CISA \| Rockwell Automation FactoryTalk Service Platform |

This got me thinking: surely no one would do that, right? One second, let me duck into Shodan.io and see. OK, people do. The ‘myvzw’ is a Verizon SIM card or MiFi-type device. The one below is the same but for AT&T. Indeed, you can directly operate these PLCs from the public Internet without any security, any authentication, any authorisation.

In “Howto: Open Source Intelligence and your Digital Footprint” I show some of the techniques you can use.
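One way to audit your own gateway or firewall rules for the exposure described above, as an added example that is not from the original post or from Rockwell. The rule format, sample rules and function names are constructed for illustration; the ports are the standard EtherNet/IP ones, and the check covers address scoping in both directions, not identity confirmation.

```python
import ipaddress

# Standard EtherNet/IP (CIP) ports: 44818 for explicit messaging, UDP 2222 for implicit I/O.
ENIP_PORTS = {("tcp", 44818), ("udp", 44818), ("udp", 2222)}

# Ranges treated as "internal" in this example: RFC 1918 private IPv4 space only.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules in a hypothetical simplified format:
# (direction relative to the PLC, protocol, port, permitted peer network)
SAMPLE_RULES = [
    ("in",  "tcp", 44818, "0.0.0.0/0"),        # port-forward open to any source
    ("in",  "tcp", 44818, "10.20.0.0/24"),     # engineering VLAN only
    ("in",  "udp", 2222,  "198.51.100.0/24"),  # documentation range standing in for a public network
    ("out", "tcp", 443,   "0.0.0.0/0"),        # PLC may initiate to any destination
    ("out", "udp", 2222,  "10.20.0.5/32"),     # I/O traffic to one internal peer
]


def is_internal(cidr):
    """True only if the whole network sits inside one internal range (IPv4 only)."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(r) for r in INTERNAL)


def audit(rules):
    """Return (rule index, direction, touches_enip_port) for every rule whose peer is not internal."""
    findings = []
    for index, (direction, proto, port, peer) in enumerate(rules):
        if not is_internal(peer):
            findings.append((index, direction, (proto, port) in ENIP_PORTS))
    return findings


if __name__ == "__main__":
    for index, direction, enip in audit(SAMPLE_RULES):
        label = "EtherNet/IP port" if enip else "other port"
        print(f"rule {index}: {direction}bound {label} permitted for {SAMPLE_RULES[index][3]}")
```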