New Patches for Rockwell

Tuesday, October 4, 2011 @ 07:10 PM gHale

Rockwell Automation produced a patch that mitigates the denial-of-service vulnerability in its RSLogix platform.

The patch mitigates the vulnerability in FactoryTalk Services Platform, Versions CPR 9 SR4 and CPR 9 SR3, according to ICS-CERT. Patches for prior versions of FactoryTalk Services Platform and RSLogix 5000 are currently under development. ICS-CERT has not tested this patch to validate that it resolves this vulnerability.

More ICONICS Holes
Sunway Facing Vulnerabilities
SCADA Alert: Fixes in Works
Antivirus Protection for SCADA Security

Rockwell said the following products suffer from the vulnerability:
• RSLogix 5000 software Versions V17, V18, and V19
• All FactoryTalk-branded software of specific Versions CPR9 and CPR9-SR1 through SR4.

Successful exploitation of this vulnerability could result in a denial-of-service.

Rockwell provides industrial automation control and information products worldwide, across a wide range of industries. RSLogix 5000 is a programming suite used to develop interfaces within the control system environment. The FactoryTalk Services Platform is a collection of production and performance management systems.

A Read Access violation can occur when a specially crafted packet goes to open ports running the software. The open TCP ports are as follows:
• 1330
• 1331
• 1332
• 4241
• 4242
• 4445
• 4446
• 5241
• 6543
• 9111
• 60093
• 49281

The National Vulnerability Database (NVD) assignment code is CVE-2011-3489. The vulnerability has a CVSS base score of 5.0.

This vulnerability is remotely exploitable and public exploits are targeting this vulnerability. In addition, an attacker with a low skill level can create the denial-of-service.

Rockwell recommends those using FactoryTalk Services Platform Version CPR 9 SR4 apply patch AID 456854 and CPR 9 SR3 apply patch AID 457488. Customers using prior versions of FactoryTalk Services Platform and RSLogix should apply those patches as they become available. ICS-CERT will update this advisory accordingly as these patches release.

For more information, refer to Rockwell Automation Security Advisory KB 456144.

Leave a Reply

You must be logged in to post a comment.