PLC Cycle Time Influences (Update A) (ICSA-19-106-03) – Products Used in the Water and Wastewater and Energy Sector

December 12, 2019

CISA has updated this advisory with additional details on the affected products and the location of additional details of the vulnerability. Read the advisory at CISA.

April 16, 2019

The NCCIC has published an advisory on an uncontrolled resource consumption vulnerability in ABB, Phoenix Contact, Schneider Electric, Siemens, and WAGO programmable logic controllers (PLCs). PLCs from numerous vendors are affected. High network load can consume CPU power in such a way that the normal operation of the device can be affected; that is, the configured cycle time can be influenced. The NCCIC advises of advice, recommendations, and updates disseminated by the vendors whose products are affected. It also provides a list of recommended measures for addressing the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.