
PN1113 | CVE-2020-0601 Impact to Rockwell Automation Products

Severity: High
Advisory ID: PN1113
Publication date: January 20, 2021
Last updated: January 20, 2021
Revision Number: 2.0
Known Exploited Vulnerability (KEV): No
Corrected: No
Workaround: No
CVE IDs: CVE-2020-0601
Summary: CVE-2020-0601 Impact to Rockwell Automation Products

Revision History

Revision Number: 2.0

Version 2.0 - January 20, 2021 - Updated Risk Mitigations and Recommended User Actions.
Version 1.1 - January 31, 2020
Version 1.0 - January 17, 2020

Executive Summary

On Tuesday, January 14, 2020, Microsoft issued a patch and advisory addressing a major cryptographic vulnerability affecting Windows 10, Windows 10 IoT Core and Enterprise, and Windows Server 2016 and 2019. This vulnerability, identified as CVE-2020-0601 and also referred to as "CurveBall," exists in the way Crypt32.dll validates Elliptic Curve Cryptography (ECC) certificates. It breaks the chain of trust and could allow an attacker to sign a malicious executable, intercept and modify TLS-encrypted traffic, or spoof Authenticode code-signing certificates. The National Security Agency (NSA) coordinated the information and release of this vulnerability with Microsoft.

The Rockwell Automation® Product Security Incident Response Team (PSIRT) has been tracking this vulnerability since its release. At the time of writing, Rockwell Automation products are not being directly targeted, but are impacted by vulnerable Windows 10 IoT installations. Please see the Affected Products for a full list of potentially affected Rockwell Automation products.

An investigation is ongoing. Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as information becomes available.

Affected Products

Microsoft Windows 10 IoT Core and Enterprise editions are impacted by this vulnerability. As of the time of publishing, the following Rockwell Automation products are impacted by CVE-2020-0601:

  • CompactLogix 5480 Controllers
  • FactoryTalk Analytics for Devices
  • FactoryTalk Analytics LogixAI
  • ControlLogix Compute Module (1756-CMS1B1)

Vulnerability Details

CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability

Description: A vulnerability exists in the way Windows CryptoAPI validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.

  • Microsoft Assigned CVSSv3.0 Base Score: 8.1
  • Microsoft Assigned CVSSv3.0 Vector String: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
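The following is an added example and is not code from the Rockwell Automation advisory or from Microsoft. It shows, on the defender's side, the kind of certificate-validation check that separates a properly validated ECC certificate from one whose curve parameters a validator should refuse to trust: the SubjectPublicKeyInfo of an ECC certificate is parsed and the key is accepted only when its AlgorithmIdentifier names a well-known curve by OID (the namedCurve form) rather than carrying explicit ECParameters. Treating explicit parameters as untrusted is the conservative policy this example assumes; the DER encoder, the two sample SubjectPublicKeyInfo structures (with placeholder point and field values), and all function names are constructed for the example and are not taken from any product.

```python
# Added example (not from the Rockwell Automation advisory): inspect the curve
# parameters in an ECC SubjectPublicKeyInfo and accept only namedCurve keys on a
# known curve. Standard library only; sample inputs below are constructed.

ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"   # id-ecPublicKey
PRIME_FIELD = "1.2.840.10045.1.1"        # prime-field (used only in the sample)
NAMED_CURVES = {
    "1.2.840.10045.3.1.7": "secp256r1 (P-256)",
    "1.3.132.0.34": "secp384r1 (P-384)",
    "1.3.132.0.35": "secp521r1 (P-521)",
}
TAG_INTEGER, TAG_BITSTRING, TAG_OCTETSTRING = 0x02, 0x03, 0x04
TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x05, 0x06, 0x30


def encode_len(n: int) -> bytes:
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + encode_len(len(body)) + body


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER TLV."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return tlv(TAG_OID, bytes(out))


def read_tlv(data: bytes, i: int):
    """Parse one DER TLV at offset i; return (tag, value, offset after it)."""
    tag, length, i = data[i], data[i + 1], i + 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(data[i:i + n], "big")
        i += n
    return tag, data[i:i + length], i + length


def decode_oid(value: bytes) -> str:
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def inspect_spki(spki: bytes) -> dict:
    """Classify the algorithm and curve-parameter form of a SubjectPublicKeyInfo."""
    _, spki_body, _ = read_tlv(spki, 0)
    _, alg_body, _ = read_tlv(spki_body, 0)            # AlgorithmIdentifier
    _, alg_oid, p_off = read_tlv(alg_body, 0)
    result = {"algorithm": decode_oid(alg_oid), "params": "absent", "curve": None}
    if p_off < len(alg_body):
        p_tag, p_val, _ = read_tlv(alg_body, p_off)
        if p_tag == TAG_OID:                           # namedCurve
            result["params"], result["curve"] = "namedCurve", decode_oid(p_val)
        elif p_tag == TAG_SEQUENCE:                    # explicit ECParameters
            result["params"] = "explicit"
        elif p_tag == TAG_NULL:                        # implicitlyCA
            result["params"] = "implicit"
    return result


def ec_key_acceptable(spki: bytes) -> bool:
    """Accept only id-ecPublicKey keys that name a curve from the allow-list."""
    info = inspect_spki(spki)
    return (info["algorithm"] == ID_EC_PUBLIC_KEY
            and info["params"] == "namedCurve"
            and info["curve"] in NAMED_CURVES)


# Constructed sample: placeholder uncompressed point (not a real key).
POINT = b"\x04" + bytes(range(1, 65))
NAMED_SPKI = tlv(TAG_SEQUENCE,
                 tlv(TAG_SEQUENCE, encode_oid(ID_EC_PUBLIC_KEY)
                     + encode_oid("1.2.840.10045.3.1.7"))
                 + tlv(TAG_BITSTRING, b"\x00" + POINT))

# Constructed sample: the same point under explicit ECParameters with placeholder
# field, coefficients, base point and order; a validator cannot tell from the key
# value alone which curve this really is, so the key is rejected.
EXPLICIT_PARAMS = tlv(TAG_SEQUENCE,
                      tlv(TAG_INTEGER, b"\x01")
                      + tlv(TAG_SEQUENCE, encode_oid(PRIME_FIELD) + tlv(TAG_INTEGER, b"\x00\xff"))
                      + tlv(TAG_SEQUENCE, tlv(TAG_OCTETSTRING, b"\x01") + tlv(TAG_OCTETSTRING, b"\x02"))
                      + tlv(TAG_OCTETSTRING, POINT)
                      + tlv(TAG_INTEGER, b"\x00\xfd")
                      + tlv(TAG_INTEGER, b"\x01"))
EXPLICIT_SPKI = tlv(TAG_SEQUENCE,
                    tlv(TAG_SEQUENCE, encode_oid(ID_EC_PUBLIC_KEY) + EXPLICIT_PARAMS)
                    + tlv(TAG_BITSTRING, b"\x00" + POINT))

if __name__ == "__main__":
    for name, spki in (("namedCurve", NAMED_SPKI), ("explicit", EXPLICIT_SPKI)):
        verdict = "accept" if ec_key_acceptable(spki) else "REJECT"
        print(name, inspect_spki(spki), verdict)
```

In practice the SubjectPublicKeyInfo would be taken from a parsed certificate rather than built inline; the point of the check is that a validator must decide trust from the curve identity as well as the public-key value, which is what the patched CryptoAPI validation enforces.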

Risk Mitigation & User Action

Customers should understand their potential exposure to this vulnerability by completing a thorough asset inventory and assessment.

Vulnerability: CVE-2020-0601
Rockwell Automation Product:
  • CompactLogix 5480 Controllers
  • ControlLogix Compute Module (1756-CMS1B1)
Suggested Actions: Microsoft released a patch for affected versions of Windows on January 14, 2020. Patch via Windows Update Service or the normal patching process.

Vulnerability: CVE-2020-0601
Rockwell Automation Product:
  • FactoryTalk Analytics LogixAI
Suggested Actions: Install the Microsoft Cumulative Security Updates on FactoryTalk Analytics LogixAI; refer to QA58887.

Otherwise, Rockwell Automation will provide a firmware update for the products noted. Patches are not yet available for these products; when they are available, this article will be updated.

Vulnerability: CVE-2020-0601
Rockwell Automation Product:
  • FactoryTalk Analytics for Devices
Suggested Actions: To reduce risk, customers should ensure they are employing proper network segmentation and security controls. Specifically, network exposure for all control system devices should be minimized, and control systems should be placed behind firewalls and isolated from other networks when possible. Refer to the Deploying a Resilient Converged Plantwide Ethernet Architecture Design and Implementation Guide.

Customers using Rockwell Automation industrial compute solutions, such as VersaView computers, Industrial Data Centers, etc., are recommended to regularly inventory and patch their host operating systems.

Update on 1/31/2020: The Rockwell Automation MS Patch Qualification team successfully qualified the Microsoft patch related to CurveBall. Full results and other useful information can be found here.

General Security Guidelines

  • Utilize proper network infrastructure controls, such as firewalls, to help ensure that communications from unauthorized sources are blocked.
  • Use trusted software, software patches, antivirus/antimalware programs, and interact only with trusted web sites and attachments.
  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article ID 494865.
  • Locate control system networks and devices behind firewalls, and isolate them from the business network.

For further information on the Vulnerability Handling Process for Rockwell Automation, please refer to our Product Security Incident Response FAQ document.

Refer to our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.

Refer to the Network Services Overview Page for information on network and security services for Rockwell Automation to enable assessment, design, implementation and management of validated, secure network architectures.

We also recommend that concerned customers continue to monitor this advisory by subscribing to updates on the Security Advisory Index for Rockwell Automation, located at: 54102 - Industrial Security Advisory Index.

Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site.

Requests for additional information can be sent to the RASecure Inbox (rasecure@ra.rockwell.com).

ADDITIONAL LINKS

  • CVE-2020-0601 Windows CryptoAPI Spoofing Vulnerability
  • Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains
  • Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers

Copyright ©2022 Rockwell Automation, Inc.