Rockwell Fixes FactoryTalk Holes

Friday, March 20, 2015 @ 10:03 AM gHale

Rockwell Automation created a patch that mitigates multiple DLL Hijacking vulnerabilities in a software component included with its FactoryTalk View Studio product and its FactoryTalk Services Platform used with other FactoryTalk-branded software, according to a report on ICS-CERT.

Ivan Sanchez of NullCode & Evilcode Team discovered the vulnerabilities in Rockwell’s FactoryTalk View Studio product, while Rockwell found a similar vulnerability affecting the FactoryTalk Services Platform used with other FactoryTalk-branded software.


The following FactoryTalk software suffers from the issue:
• FactoryTalk Services Platform, all versions prior to 2.71.00
• FactoryTalk View Studio Version 8.00.00 and all versions prior

Exploitation of DLL Hijack vulnerabilities gives an attacker access to the system with the same privilege level as the application that utilizes the malicious DLL.

Rockwell Automation, which is a U.S.-based company, provides industrial automation control and information products worldwide across a wide range of industries.

The affected products, FactoryTalk Services Platform and FactoryTalk View Studio, see use in the design and operation of a variety of industrial control systems across the world. The software products work across several sectors including chemical, commercial facilities, critical manufacturing, energy, government facilities, water and wastewater systems.

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL on the victim machine. The View Studio Clean Utility Application loads the DLL and gives the attacker access at the same privilege level as the application.

CVE-2014-9209 is the identifier assigned to these vulnerabilities, which carry a CVSS v2 base score of 6.9.

These vulnerabilities are not exploitable remotely without user interaction. An exploit triggers only when a local user runs the vulnerable application and it loads the malformed DLL file.
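As an added illustration from the defender's side (not part of the ICS-CERT report or Rockwell's advisory), the script below flags image-load records in which a watched application loads a DLL from a user-writable directory, or an unsigned DLL from outside its own install directory, which is the pattern described above. The executable name, install path and log records are constructed placeholders, not Rockwell's real ones.

```python
"""Flag DLL loads that fit the DLL-hijack pattern for a watched application.

Input: Sysmon-style 'Image loaded' (Event ID 7) records reduced to the three
fields that matter here. All records below are constructed samples; the
executable name and install path are placeholders, not Rockwell's real ones.
"""
import re
from pathlib import PureWindowsPath

# Placeholder: applications to watch, mapped to the directory their own DLLs
# are expected to live in. Take the real values from your installation.
WATCHED = {
    "ftcleanutility.exe": PureWindowsPath(r"C:\Program Files (x86)\Rockwell Software\FactoryTalk"),
}
# Directories a standard user can write to. A watched application loading a
# DLL from one of these is the classic hijack pattern.
USER_WRITABLE = [PureWindowsPath(p) for p in (r"C:\Users", r"C:\Windows\Temp", r"C:\ProgramData")]

def parse_event(line):
    """Turn 'Key=Value Key=Value ...' text into a dict; values may contain spaces."""
    return dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", line))

def is_suspicious(ev):
    """Return a reason string if the load looks like a hijack, otherwise None."""
    proc = PureWindowsPath(ev.get("Image", ""))
    expected_dir = WATCHED.get(proc.name.lower())
    if expected_dir is None:
        return None                      # not an application we watch
    dll = PureWindowsPath(ev.get("ImageLoaded", ""))
    signed = ev.get("Signed", "").lower() == "true"
    # PureWindowsPath comparisons are case-insensitive; is_relative_to needs Python 3.9+
    if any(dll.is_relative_to(d) for d in USER_WRITABLE):
        return f"{proc.name} loaded {dll} from a user-writable directory"
    if not signed and not dll.is_relative_to(expected_dir):
        return f"{proc.name} loaded unsigned {dll} from outside its install directory"
    return None

def scan(lines):
    """Return one reason string for every suspicious record in the log."""
    return [r for r in (is_suspicious(parse_event(line)) for line in lines) if r]

# Constructed sample log: a benign system DLL load, a hijack-pattern load by
# the watched utility, and the same DLL loaded by a process we do not watch.
SAMPLE = [
    r"Image=C:\Program Files (x86)\Rockwell Software\FactoryTalk\FTCleanUtility.exe ImageLoaded=C:\Windows\System32\kernel32.dll Signed=true",
    r"Image=C:\Program Files (x86)\Rockwell Software\FactoryTalk\FTCleanUtility.exe ImageLoaded=C:\Users\operator\Downloads\somelib.dll Signed=false",
    r"Image=C:\Windows\explorer.exe ImageLoaded=C:\Users\operator\Downloads\somelib.dll Signed=false",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```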

No known public exploits specifically target these vulnerabilities. Crafting a working exploit for these vulnerabilities would be difficult, and an attacker would need social engineering to convince the user to accept the malformed file. This further decreases the likelihood of a successful exploit.

Rockwell Automation recommends users log into their web site, review their advisory notice, and apply the patch software.
