ICS Alert

Rockwell Automation 1956-ENBT Ethernet/IP Communication Interface Open UDP Port

Last Revised
Alert Code
ICS-ALERT-10-194-01

Description

Rockwell Automation has identified a vulnerability in two versions of the 1756-ENBT EtherNet/IP communication interface that shipped with an open 17185/UDP communication port meant to be used only for debugging purposes during the product development process.

Overview

Rockwell Automation has identified a vulnerability in two versions of the 1756-ENBT EtherNet/IP communication interface that shipped with an open 17185/UDP communication port meant to be used only for debugging purposes during the product development process.

An unauthenticated attacker who gains remote access to the specific versions of the product may be able to gain access to the product's debugging information, disrupt its operation, make system changes, or potentially cause a denial of service.

This vulnerability affects only the following versions of the 1756-ENBT EtherNet/IP communication interface for the ControlLogix controller platform:

1756-ENBT Series A, firmware versions 3.2.6 and 3.6.1

For details, please see Rockwell’s announcement:

http://rockwellautomation.custhelp.com/app/answers/detail/a_id/69735#69735%20-%20Open%20UDP%20Port%20in%201756-ENBT%20EtherNet/IP%E2%84%A2%20Communication%20Interface

Note: Link requires site registration.

This product is provided subject to this Notification and this Privacy & Use policy.

Vendor

Rockwell Automation