New “FrostyURL” Zero-Day in Rockwell Automation PLC Can Shut Down Operational Networks


October 28, 2015

Industrial automation solutions provider Rockwell Automation on Tuesday released firmware updates and mitigations to address several vulnerabilities identified by researchers in some of the company’s programmable logic controllers (PLCs).

The security holes, reported by experts from Positive Technologies, CyberX, and Elastica, affect Allen-Bradley MicroLogix 1100 and 1400 series PLC systems. These products are deployed worldwide in sectors such as chemical, food and agriculture, critical manufacturing, and water and wastewater systems.

An advisory published by ICS-CERT names the following vulnerable controller platforms: 1763-L16AWA, 1763-L16BBB, 1763-L16BWA, and 1763-L16DWD hardware series A and B running firmware version 14.000 and prior; and 1766-L32AWA, 1766-L32AWAA, 1766-L32BWA, 1766-L32BWAA, 1766-L32BXB, and 1766-L32BXBA hardware series A and B running firmware version 15.002 and prior.
