Recently Rockwell Automation fixed a critical vulnerability (CVE-2018-14829) found in its RSLinx Classic, a software platform that allows Logix 5000 Programmable Automation Controllers to connect to a wide variety of Rockwell Software applications. A remote attacker could make the device being accessed stop responding and crash by sending a malicious CIP packet to Port 44818. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.

A CVSS v3 base score: 10.0  (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Reference link: https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02

Affected versions

RSLinx Classic Versions <= 4.00.01

Unaffected versions

Refer to https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075712  (Login is required)

Mitigations

Rockwell Automation has released a new version of the software that can found at Rockwell Automation knowledgebase article KB 1075712 (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075712

Rockwell Automation also reports that users can disable Port 44818 if it is not utilized during system operation. For more details on how to disable the port and for Rockwell Automation’s general security guidelines, please visit knowledgebase article KB 1075747 (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747

Leave a Reply

Your email address will not be published. Required fields are marked *