Rockwell Automation Malware Report

Researchers from our Industrial Threat Intelligence team have revealed a remote code execution vulnerability in the Allen-Bradley MicroLogix family of controllers from Rockwell Automation.

Malware Report Summary

The CyberX Threat Intelligence team has discovered numerous zero-day vulnerabilities in Programmable Logic Controllers (PLCs) and industrial equipment, ranging from Denial-of-Service (DoS) to remote code execution.

This document details the research that led to the discovery of a remote code execution vulnerability in the Allen-Bradley MicroLogix family of controllers from Rockwell Automation. It also includes a Proof-of-Concept (PoC) exploiting this vulnerability.

The vulnerability has been acknowledged by the Department of Homeland Security and received a CVSS v3 base score of 9.8. Part of the innovative work described in this document, which includes the creation of a custom firmware, was also presented at the 2015 ICS Cyber Security Conference in Atlanta. A major part of the interest exhibited was due to the distinct nature of the research, which becomes apparent when its results are compared to past vulnerabilities found in Rockwell Automation’s equipment.