Rockwell Clears EtherNet/IP Web Server Module Holes

Tuesday, February 5, 2019 @ 10:02 PM gHale

Rockwell Automation recommends affected users of its EtherNet/IP Web Server Modules disable the SNMP service if not in use to mitigate an improper input validation vulnerability, according to a report from NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by Rockwell Automation working with Tenable, could allow a remote attacker to deny communication with the Simple Network Management Protocol (SNMP) service.

The following versions of the EtherNet/IP web server module suffer from the issue:
• 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier
• CompactLogix 1768-EWEB Version 2.005 and earlier

A remote attacker could send a crafted UDP packet to the SNMP service, causing a denial-of-service condition that persists until the affected product is restarted.
CVE-2018-19016 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

The product sees use mainly in the critical manufacturing sector. It also sees action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Rockwell Automation recommends affected users disable the SNMP service if not in use.
For more information, refer to the Rockwell Automation security advisory (login required).
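
One way to apply the advisory to an asset inventory, added here as an example (it is not code from Rockwell Automation, NCCIC or the original article): it flags modules at or below the listed versions and reports which of them still have SNMP enabled. The CSV column layout, asset names and sample rows are constructed assumptions.

```python
import csv
import io

# Highest affected firmware per catalog number, as listed in the article.
AFFECTED_MAX = {"1756-EWEB": (5, 1), "1768-EWEB": (2, 5)}
# The article states that 1756-EWEB includes 1756-EWEBK.
ALIASES = {"1756-EWEBK": "1756-EWEB"}

# Constructed sample inventory (hypothetical assets and column names).
SAMPLE_INVENTORY = """asset,catalog,firmware,snmp_enabled
line1-web,1756-EWEB,5.001,yes
line2-web,1756-EWEBK,4.016,no
pack-web,1768-EWEB,2.005,yes
lab-web,1756-EWEB,5.002,yes
plc-7,1756-EN2T,10.010,yes
"""


def parse_version(text):
    """Turn a 'major.minor' firmware string such as '5.001' into (5, 1)."""
    major, _, minor = text.strip().partition(".")
    return int(major), int(minor or 0)


def triage(inventory_csv):
    """Return {asset: action} for every row of the inventory CSV."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        catalog = row["catalog"].strip().upper()
        ceiling = AFFECTED_MAX.get(ALIASES.get(catalog, catalog))
        snmp_on = row["snmp_enabled"].strip().lower() in ("yes", "true", "1")
        if ceiling is None:
            action = "not in scope"
        elif parse_version(row["firmware"]) > ceiling:
            action = "later than listed affected versions"
        elif snmp_on:
            action = "affected: disable SNMP if not in use"
        else:
            action = "affected: SNMP already disabled"
        results[row["asset"]] = action
    return results


if __name__ == "__main__":
    for asset, action in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {action}")
```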


