Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Employee+
Employee+

Rockwell Automation industrial energy meter vulnerable to public exploits

On Feb-20-2019 the US ICS-CERT released an advisory concerning a high critical vulnerability concerning Rockwell automation energy meters.

Rockwell Automation is currently working on mitigations and reports that CheckPoint Software Technologies has released IPS rules to detect attempts to exploit CVE-2018-19615.

The NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also, recognizing that VPN is only as secure as the connected devices.

 

https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04

 

 

this information is highly important for our industrial customers, as Rockwell Automation equipment is very common in use in the United States, Canada, and Mexico. The publication by the Rockwell and the ICS CERT proves our competitive edge against the other IPS solution.

0 Replies