Hard-coded key vulnerability in Logix PLCs

[zbang]

Hard-coded key vulnerability in Logix PLCs has severity score of 10 out of 10

Critical authentication bypass flaw affects the entire Logix product line.

arstechnica.com

The vulnerability, which is tracked as CVE-2021-22681, is the result of the Studio 5000 Logix Designer software making it possible for hackers to extract a secret encryption key. This key is hard-coded into both Logix controllers and engineering stations and verifies communication between the two devices. A hacker who obtained the key could then mimic an engineering workstation and manipulate PLC code or configurations that directly impact a manufacturing process.

Got questions about this? First, read the whole article .