Rockwell FactoryTalk Vulnerability

Wednesday, January 18, 2012 @ 05:01 PM gHale


There are multiple vulnerabilities with proof-of-concept (PoC) exploit code affecting Rockwell Automation FactoryTalk, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product.

The vulnerability is exploitable by sending specially crafted packets to the server, according to a report on ICS-CERT. This report went out from security researcher Luigi Auriemma without coordination with either the vendor or ICS-CERT.

RELATED STORIES
Rockwell Adds More Platform Patches
Patch for Cogent DataHub Holes
OAS HMI Holes Fixed
Snort to Boost SCADA Security

Rockwell is aware of the report and ICS-CERT asked the vendor to confirm the vulnerability and identify mitigations.

ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cyber security attacks.

The report included details and PoC exploit code for the following vulnerabilities: A malformed packet and a read access violation, which are remotely exploitable and could cause a denial of service.

Back in October, Rockwell also issued patches to mitigate the denial-of-service vulnerability in its RSLogix platform.

Rockwell created a patch that mitigates this vulnerability for all affected versions of FactoryTalk Services Platform and RSLogix 5000, according to ICS-CERT.



Leave a Reply

You must be logged in to post a comment.