Rockwell Automation Patches Severe Flaws in Communications Software
22.9.2018 securityweek
Vulnerebility

Rockwell Automation has patched several critical and high severity vulnerabilities in its RSLinx Classic communications software.

RSLinx Classic is a widely used piece of software that allows organizations to connect Logix5000 programmable automation controllers to various Rockwell applications, including for data acquisition, programming, HMI interaction, and configuration apps. The product is used worldwide, mainly in the energy, critical manufacturing, and water and wastewater systems sectors.

According to advisories published recently by ICS-CERT and Rockwell Automation itself, researchers from Tenable and Nozomi discovered that RSLinx Classic is affected by three vulnerabilities that can allow malicious actors to launch denial-of-service (DoS) attacks, and possibly even execute arbitrary code.

The most serious of the flaws is CVE-2018-14829, a stack-based buffer overflow that has been assigned a CVSS score of 10. A remote attacker can cause the application to crash by sending specially crafted CIP packets on port 44818. Triggering the buffer overflow can also lead to remote code execution, Rockwell and ICS-CERT warned.

Another severe vulnerability is CVE-2018-14827, which has a CVSS score of 8.6 and allows a remote and unauthenticated attacker to crash the application by sending specially crafted Ethernet/IP packets to the aforementioned port. Rockwell noted that the software must be restarted by the user following a successful exploit.

The last vulnerability, also classified as high severity, with a CVSS score of 7.5, is a heap-based buffer overflow tracked as CVE-2018-14821. This security bug also allows a remote and unauthenticated attacker to crash the software using malicious CIP packets.

The flaws affect RSLinx Classic 4.00.01 and prior. Patches have been released by the vendor for each impacted version.

Users can also protect themselves against potential attacks by disabling port 44818, which is only needed in certain scenarios.

These are not the only serious vulnerabilities patched recently by Rockwell Automation in RSLinx Classic. A few months ago, the company and ICS-CERT informed users of a high severity privilege escalation issue that also affected the FactoryTalk Linx Gateway product.