Rockwell Patches FactoryTalk

Thursday, March 29, 2012 @ 11:03 AM gHale

Rockwell Automation has a patch for two vulnerabilities that may result in a denial-of-service (DoS) condition within FactoryTalk (FT).

The vulnerabilities were first released by researcher Luigi Auriemma, along with proof-of-concept code, without coordination with ICS-CERT, the vendor, or any other coordinating entity. The two vulnerabilities are an unexpected return value and a read access violation.

Rockwell’s Security Taskforce said the following Allen-Bradley products suffer from the vulnerabilities:
• RSLogix 5000 (versions 17, 18, 19, 20)
• FactoryTalk (CPR9 up to and including CPR9 SR5)
• FT Directory
• FT Alarms & Events
• FT View SE
• FT Diagnostics
• FT Live Data
• FT Server Health.

Successful exploitation of these vulnerabilities may result in a DoS.

Rockwell Automation provides industrial automation control and information products worldwide, across a wide range of industries. The FactoryTalk Services Platform is a collection of production and performance management systems.

An unexpected return value can be triggered by a specially crafted packet, causing the Rockwell Automation FactoryTalk RNADiagReceiver service listening on Port 4445/UDP to stop processing packets. This vulnerability may lead to a DoS condition. CVE-2012-0221 is the number assigned to this vulnerability.

A read access violation vulnerability exists in Rockwell Automation’s FactoryTalk platform. A specially crafted packet sent to the RNADiagReceiver service listening on Port 4445/UDP can result in a possible DoS condition. CVE-2012-0222 is the number assigned to this vulnerability.

Both vulnerabilities are remotely exploitable, and public exploits target them. An attacker with a low skill level may be able to exploit these vulnerabilities.

Rockwell developed a security update to address these vulnerabilities. To download and install the update please refer to the Rockwell Advisory.

http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937

In addition to applying the patch, Rockwell Automation recommends customers configure firewalls to block the following TCP ports to prevent traversal of RNA messages into and out of the ICS system:
• 1330
• 1331
• 1332
• 4241
• 4242
• 4445
• 4446
• 6543
• 9111
• 60093
• 49281
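
One way to check that the boundary rule is holding, as an added example that is not from Rockwell or the original article: scan permitted-flow records for RNA ports crossing the ICS boundary. The ICS subnet, the record format and the sample flows are constructed assumptions; 4445/UDP is also watched because the article names it as the RNADiagReceiver listening port.

```python
import ipaddress

# TCP ports the article lists for blocking at the ICS boundary.
RNA_TCP_PORTS = {1330, 1331, 1332, 4241, 4242, 4445, 4446, 6543, 9111, 60093, 49281}
# RNADiagReceiver, the service affected by both CVEs, listens on 4445/UDP.
RNA_UDP_PORTS = {4445}

# Assumption: the ICS network is this subnet (constructed for the example).
ICS_NET = ipaddress.ip_network("10.20.0.0/16")

# Constructed sample of permitted flows: "proto src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
tcp 192.168.5.10 10.20.1.15 4241
udp 192.168.5.10 10.20.1.15 4445
tcp 10.20.1.15 10.20.1.16 1330
tcp 10.20.1.15 192.168.5.20 443
udp 10.20.1.15 192.168.5.20 4446
tcp 10.20.3.7 172.16.0.9 60093
"""

def crosses_boundary(src, dst):
    """True when exactly one endpoint is inside the ICS network."""
    return (ipaddress.ip_address(src) in ICS_NET) != (ipaddress.ip_address(dst) in ICS_NET)

def find_rna_traversal(flow_text):
    """Return (proto, src, dst, port) for RNA-port flows crossing the ICS boundary."""
    hits = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip blank or malformed records
        proto, src, dst, port = fields[0].lower(), fields[1], fields[2], int(fields[3])
        try:
            boundary = crosses_boundary(src, dst)
        except ValueError:
            continue  # unparsable address
        watched = RNA_TCP_PORTS if proto == "tcp" else RNA_UDP_PORTS if proto == "udp" else set()
        if boundary and port in watched:
            hits.append((proto, src, dst, port))
    return hits

if __name__ == "__main__":
    for hit in find_rna_traversal(SAMPLE_FLOWS):
        print("RNA traffic crossing ICS boundary: %s %s -> %s port %d" % hit)
```

Traffic between two hosts inside the ICS network is deliberately not flagged, since the recommendation concerns traversal into and out of the ICS system.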
