/* ---- Google Analytics Code Below */

Wednesday, March 03, 2021

A Security Problem with Common PLCs

We worked actively with PLCs, 'Programmable Logic Controllers' in the enterprise.    Small, dedicated computers used to control industrial process.  They reliably do both simple and complex tasks in the lab and plant.   I see that Steve Gibson in Twit has written about a security problem with these,  commonly used.  Notes on it are at the link below. Crucial if you use these, fix it.

Rockwell Automation's CVE-2021-22681 is a CRITICAL 10 out of 10  (Page 3) 

The security of nearly all of Rockwell Automation's “PLC”s — Programmable Logic Controllers — are affected by the use of a single globally shared static encryption key. Yes... Every one of the hundreds of thousands of their systems in the world is “protected” by the same single key ..... ' 

No comments: