Rockwell Adds More Platform Patches

Friday, October 7, 2011 @ 04:10 PM gHale

Rockwell Automation produced more patches that mitigate the denial-of-service vulnerability in its RSLogix platform.

Rockwell created a patch that mitigates this vulnerability for all affected versions of FactoryTalk Services Platform and RSLogix 5000, according to ICS-CERT.


Rockwell said the following products suffer from the vulnerability:
• RSLogix 5000 software Versions V17, V18, and V19
• All FactoryTalk-branded software of specific Versions CPR9 and CPR9-SR1 through SR4.

Successful exploitation of this vulnerability could result in a denial-of-service.

Rockwell provides industrial automation control and information products worldwide, across a wide range of industries. RSLogix 5000 is a programming suite used to develop interfaces within the control system environment. The FactoryTalk Services Platform is a collection of production and performance management systems.

A Read Access violation can occur when a specially crafted packet is sent to one of the open ports used by the software. The open TCP ports are as follows:
• 1330
• 1331
• 1332
• 4241
• 4242
• 4445
• 4446
• 5241
• 6543
• 9111
• 60093
• 49281
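To check whether a given engineering workstation or server exposes any of these ports beyond the local machine, the following added example (not from Rockwell or ICS-CERT) parses saved output of the Windows `netstat -an` command and reports affected ports listening on non-loopback addresses. The output format and the sample text are assumptions constructed for illustration.

```python
import ipaddress

# TCP ports listed in the advisory for CVE-2011-3489
AFFECTED_PORTS = {1330, 1331, 1332, 4241, 4242, 4445,
                  4446, 5241, 6543, 9111, 60093, 49281}

# Constructed sample of `netstat -an` output (not captured from a real host)
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1330           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:4241         0.0.0.0:0              LISTENING
  TCP    192.168.10.5:6543      0.0.0.0:0              LISTENING
  TCP    192.168.10.5:49281     192.168.10.20:5241     ESTABLISHED
  TCP    [::]:1332              [::]:0                 LISTENING
  UDP    0.0.0.0:9111           *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def exposed_listeners(netstat_text):
    """Return (address, port) pairs for affected TCP ports that are
    listening on a non-loopback address, sorted by port."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows in LISTENING state matter; skip headers, UDP, sessions
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        try:
            addr, port = split_endpoint(fields[1])
            ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue  # unparseable row
        if port in AFFECTED_PORTS and not ip.is_loopback:
            found.add((addr, port))
    return sorted(found, key=lambda pair: (pair[1], pair[0]))

if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE):
        print(f"affected port {port}/tcp listening on {addr}")
```

Any port reported this way is reachable from the network unless a firewall blocks it, so those hosts are the first to patch or filter.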

The vulnerability is tracked in the National Vulnerability Database (NVD) as CVE-2011-3489 and has a CVSS base score of 5.0. It is remotely exploitable, and public exploits are targeting it. In addition, an attacker with a low skill level can create the denial-of-service.

Rockwell recommends those using FactoryTalk Services Platform Versions CPR9 and CPR9-SR1 through SR4 and those using RSLogix versions V17, V18, and V19 apply patch AID 458689.
