Researchers have found that some controllers are susceptible to a denial-of-service attack caused by a flood of network packets.
Uncontrolled Resource Consumption
Phoenix Contact acknowledges this as a “known, won’t fix” issue for old products. Currently available products provide countermeasures to mitigate the impact on the safety-related functionality.
ABB concludes the reported behavior is not a vulnerability but is due to a misconfiguration of the PLC watchdog,
Siemens has investigated the vulnerability report on PLC cycle time influences and concludes the report does not demonstrate a valid vulnerability for Siemens PLCs.
WAGO recommends users operate the devices in closed networks or protect them with a firewall against unauthorized access. Another recommended mitigation is to limit network traffic via the switch rate limit feature according to application needs.
Fixes are available in the Modicon M221 firmware v220.127.116.11 and the EcoStruxure Machine Expert – Basic v1.0 software (formerly SoMachine Basic) using either of the following options: