Watched the movie "Blackhat' this week -- without giving away too much of the story, it starts with a bad guy getting control of pump controllers, shutting down the cooling pumps at a nuclear reactor in China to disastrous effects. Sounds difficult, as we all hope such a thing would be. And we might just be wrong.
"Rockwell Patches Serious ‘FrostyURL’ PLC Vulnerability"
threatpost.com/rockwell-patches-serious-frostyurl-plc-vulnerability/115196/
Rockwell Automation has patched a handful of vulnerabilities in its Allen-Bradley MicroLogix programmable logic controllers, including one that researchers say can be exploited with a single malicious URL.
The so-called FrostyURL vulnerability affects the Allen-Bradley MicroLogix 1100 PLC used to control industrial processes in a number of critical industries.
“This was an ‘Open-Sesame’ moment, as it enabled us to dump all of the PLC’s memory and thus observe the effects of different exploitation techniques we tried later on,” said researcher David Atch. “We successfully reverse engineered the PLC firmware, and we are sure we can find and exploit additional vulnerabilities.”