• We will be performing upgrades on the forums and server over the weekend. The forums may be unavailable multiple times for up to an hour each. Thank you for your patience and understanding as we work to make the forums even better.

Hard-coded key vulnerability in Logix PLCs

Learn the NEC with Mike Holt now!
Status
Not open for further replies.

The vulnerability, which is tracked as CVE-2021-22681, is the result of the Studio 5000 Logix Designer software making it possible for hackers to extract a secret encryption key. This key is hard-coded into both Logix controllers and engineering stations and verifies communication between the two devices. A hacker who obtained the key could then mimic an engineering workstation and manipulate PLC code or configurations that directly impact a manufacturing process.


Got questions about this? First, read the whole article :D.
 
Status
Not open for further replies.
Top