Loading
myRockwellAutomation
Careers
Investors
PartnerNetwork Portal
Contact Us
Popular Resources
Compatibility & Downloads (PCDC) Knowledgebase Literature Library Lifecycle Status Learning+ Training Portal
 
Product Management
Asset Management (RAAMP) Installed Base Evaluation (IBE) My Equipment Self-Service Product Registration Repairs Service Contracts & Tickets Software Activation Software Subscriptions Sustainability Dashboard
 
Product Configuration and Selection
Advisor Bill of Materials CrossWorks Integrated Architecture Builder Product Catalog ProposalWorks Proposal Builder ProposalWorks Standards Builder Safety Automation Builder
 

 

View All Tools →

InformationInformation
This content is not available in your selected language.
Rockwell Automation logo
Products
Hardware
What's New in Hardware
Circuit & Load Protection Condition Monitoring Connection Devices Distributed Control Systems Drives Energy Monitoring Human Machine Interface (HMI) Independent Cart Technology Industrial Computers & Monitors Industrial Control Products Input/Output Modules Lighting Control
Motion Control Motor Control Network Security & Infrastructure Packaged Solutions Power Supplies Programmable Controllers Push Buttons & Signaling Devices Relays & Timers Safety Instrumented Systems Safety Products Sensors & Switches Signal Interface
Software
What's New in Software
Cloud Software
 
Design
Studio 5000 FactoryTalk Logix Echo Emulate3D Digital Twin Arena Simulation FactoryTalk Design Studio FactoryTalk Twin Studio FactoryTalk Vault
 
Analytics & Data
FactoryTalk Historian FactoryTalk Analytics FactoryTalk Analytics LogixAI FactoryTalk DataMosaix FactoryTalk Energy Manager Thingworx IIoT FactoryTalk Transaction Manager FactoryTalk Edge Manager Model Predictive Control
HMI
FactoryTalk View FactoryTalk Optix
 
MES
Plex MES FactoryTalk ProductionCentre FactoryTalk PharmaSuite Plex MES for Food & Beverage FactoryTalk CPGSuite Plex Quality Management System Plex Enterprise Resource Planning Plex Asset Performance Management Plex Production Monitoring Finite Scheduler FactoryTalk EIHub
 
Performance Monitoring
FactoryTalk Metrics OEE
 
Thin Client Management
ThinManager
Maintenance
Fiix CMMS FactoryTalk Analytics GuardianAI FactoryTalk AssetCentre FactoryTalk Remote Access FactoryTalk Network Manager Emonitor
 
Process
PlantPAx FactoryTalk Batch
 
Industrial Communications
FactoryTalk Linx
 
XR/Augmented Reality
Vuforia
Product Directory Allen-Bradley FactoryTalk
Services
Asset Optimization & Workforce Services
Asset Optimization Services Overview Equipment Repair Equipment Remanufacturing Repair and Inventory Agreements Integrated Service Agreements Remote Support & Monitoring Onsite & Field Services Safety Services Training Services
Cybersecurity & Network Infrastructure
Cybersecurity Industrial Network Infrastructure Pre-Engineered Network Solutions
Digital Thread
Overview
Production Automation
Overview Coordinated Drive System Solutions
Loading
LifecycleIQ Services
Solutions & Industries
Solutions
Advanced Motion & Robotics Asset Management Cybersecurity Data Operations & Analytics Digital Thread Digital Transformation Industrial Automation Control Industrial Components Networks & Infrastructure On-Machine Solutions
Packaged Solutions Process Solutions Production Automation Production Operations Management Safety Solutions  Scalable Control & Visualization Smart Manufacturing Sustainable Solutions Workforce Enablement
 
Solutions for
OEMs
Industries
Automotive & Tire Cement Chemical Entertainment Fiber & Textiles Food & Beverage Household & Personal Care Hydrogen Infrastructure Life Sciences
Marine Metals Mining Oil & Gas Power Generation Print & Publishing Pulp & Paper Semiconductor Warehouse & Fulfillment Water Wastewater
Loading
View Case Studies
Support
Documentation
Technical Documentation Center Product Drawings & Wiring Diagrams Product Certifications Release Notes Technical Specifications
Product Support
Downloads Selection & Configuration Management
Training
Webinars Workforce Development Training Instructor-led Courses Certificate Programs Job Aids Training Workstations Learning+ Training Subscriptions
Contact Us
TechConnect Support Customer Care Software Portal Help General Inquiries
TechConnect Support
TechConnect Support

Get the knowledge and assistance for solving your technical challenges.

Learn More about TechConnect
Compatibility and Downloads (PCDC) Knowledgebase Literature Library Engage Online Community
Sales & Partners
Find a Partner
Go to the Partner Finder
 
Our PartnerNetwork
PartnerNetwork Program Digital Partners Distributor Partners Licensed Developers
Original Equipment Manufacturer (OEM) Partners Strategic Alliance Partners System Integrator Partners Technology Partners
Order Online
Software Subscriptions E-learning Training Instructor-led Training Learning+ Training Subscriptions
What is the PartnerNetwork™?
What is the PartnerNetwork™?

Our Rockwell Automation PartnerNetwork™ program gives our customers access to the best people, products, services and solutions to meet manufacturing goals and bring The Connected Enterprise to life.

Explore Now
myRockwellAutomation
Careers
Investors
PartnerNetwork Portal
Contact Us
Resources
Popular Resources
Compatibility & Downloads (PCDC) Knowledgebase Literature Library Lifecycle Status Learning+ Training Portal
 
Product Management
Asset Management (RAAMP) Installed Base Evaluation (IBE) My Equipment Self-Service Product Registration Repairs Service Contracts & Tickets Software Activation Software Subscriptions Sustainability Dashboard
 
Product Configuration and Selection
Advisor Bill of Materials CrossWorks Integrated Architecture Builder Product Catalog ProposalWorks Proposal Builder ProposalWorks Standards Builder Safety Automation Builder
 

 

View All Tools →

Select country or region
  • Australia
  • Argentina
  • Belgique | Belgium
  • Brasil
  • Canada
  • Colombia
  • Czech Republic
  • Denmark
  • Deutschland
  • España
  • Finland
  • France
  • Hungary
  • India
  • Indonesia
  • Ireland
  • Israel
  • Italia
  • México
  • Netherlands
  • New Zealand
  • Norway
  • Poland
  • Portugal
  • Puerto Rico
  • Romania
  • Russia
  • Schweiz | Suisse
  • Singapore
  • South Africa
  • Sweden
  • Turkey
  • Ukraine
  • United Arab Emirates
  • United Kingdom
  • United States
  • Österreich
  • 中国
  • 台灣, 中國
  • 日本
  • 한국
Select language
  • English
  • Deutsch
  • Español
  • Français
  • Italiano
  • Português
  • 日本語
  • 简体中文
  • 繁體中文
  • 한국어
Sign In Create an Account
Why Create an Account?
Create bills of materials, submit repair quotes, register products and more!

Manage your e-communication subscription preferences.

Manage your user profile.
Welcome, {0}
Residing Location
My Account Sign Out
Your recent searches
  • HistoryHistory
    CloseClose
  • HistoryHistory
    CloseClose
  • HistoryHistory
    CloseClose
  • HistoryHistory
    CloseClose
  • HistoryHistory
    CloseClose
  • HistoryHistory
    CloseClose
All
Products
Documents
Downloads
Suggested search terms
  • SearchSearch
  • SearchSearch
  • SearchSearch
  • SearchSearch
  • SearchSearch
  • SearchSearch
Results for "{0}"
View all results
Product results for "{0}"
Product Image
Product Image
Product Image
View all product results
Document results for "{0}"
Portable Document Format.pdf file type
Publication Type: Published Date: Language:
Portable Document Format.pdf file type
Publication Type: Published Date: Language:
Portable Document Format.pdf file type
Publication Type: Published Date: Language:
View all document results
Download results for "{0}"
DownloadDownload
Catalog Numbers:
DownloadDownload
Catalog Numbers:
DownloadDownload
Catalog Numbers:
View all download results

PN852 | RSLinx Classic File Input Buffer Overflow in OpcTest.exe

Severity:
Medium
Advisory ID:
PN852
Published Date:
April 20, 2015
Last Updated:
April 20, 2015
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
Summary
RSLinx Classic File Input Buffer Overflow in OpcTest.exe

Introduction

RSLinx Classic File Input Buffer Overflow in OpcTest.exe

Description

April 20, 2015 - version 1.0

A vulnerability has been discovered by independent researcher Ivan Javier Sanchez in a non-critical software component distributed with certain versions of the RSLinx Classic product. The included executable, OpcTest.exe, is a test client for RSLinx’s support of the OPC-DA protocol. The discovered vulnerability is not remotely exploitable and successful social engineering is required to convince a victim to use the test client to open an untrusted, specifically modified CSV file on a target computer. A successful attack may potentially allow malicious code to execute on the target computer at the same privilege level as OpcTest.exe. At this time there is no known publicly available exploit code.

Rockwell Automation has verified the validity of Mr. Sanchez’ discoveries and a new software release has been issued for RSLinx Classic that includes a new version of OPCTest.exe to address the associated risk. Customers using affected versions of this software are encouraged to upgrade to this newest available software version. Additional details relating to the discovered vulnerability, including affected products and recommended countermeasures are provided herein.

AFFECTED PRODUCTS

The following software has been confirmed to be susceptible to the reported vulnerability:

Software Name Version
RSLinx Classic All versions prior to, not including 3.73.00

VULNERABILITY DETAILS, RISK and POTENTIAL IMPACTS

OpcTest.exe has a capability to import a comma-separated values (CSV) file, containing lists of tags and groups, so that the software user can easily subscribe to these items from the RSLinx Classic software. The discovered vulnerability is within the OpcTest.exe code that parses this CSV content. In certain cases where a uniquely crafted or altered file is used, the OpcTest.exe parser code execution can encounter a buffer overflow, which has potential to modify the stack and allow the execution of unknown code on the affected computer. If successful, such unknown code will be running at the same privilege level as the user who is logged into the machine.

Exploitation of this vulnerability requires an attacker to convince a user to introduce or replace CSV files with specifically created or modified CSV files that have been constructed to use this buffer overflow condition to successfully execute malicious code.

Potential impacts from a successful attack could include a software crash (e.g. Denial of Service) thereby requiring a software restart. In more extreme cases, the victim may not even be aware of vulnerability exploitation while an attacker has established a position on the client asset. A successful attack that includes malicious code injection may potentially grant the attacker the same, or higher privilege-level as the victim on the affected computer, up to and including computer administrative privileges.

CUSTOMER RISK MITIGATION AND REMEDIATION

Customers using affected versions of the RSLinx Classic are encouraged to upgrade to the newest available software versions that address associated risk and include added improvements to further harden the software and enhance its resilience against similar malicious attacks. Where feasible, additional precautions and risk mitigation strategies to this type of attack, like those listed below are similarly recommended. When possible, multiple strategies should be employed simultaneously.

  1. Do not open untrusted CSV files with OPCtest.exe
  2. Upgrade affected products as follows:

    Software Catalog Number Affected Software Recommendation
    RSLinx Classic 9355-WABSNENE; 9355-WABOEMENE; 9355-WABGWENE All software versions prior to 3.72.00.01 >>>

    Upgrade to 3.73.00 or higher (available now)

    Choose "RSLinx Classic (9355-WABx)" -- http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?keyword=9355-WAB

  3. Limit access to those assets with RSLinx Classic and other software to authorized personnel.
  4. Run all software as User, not as an Administrator.
  5. Restrict network access to assets with RSLinx Classic and other software as appropriate.
  6. Use trusted software and software patches that are obtained only from highly reputable sources.
  7. Interact with, and only obtain software and software patches from trustworthy websites.
  8. Use of Microsoft AppLocker or other similar Whitelisting application can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at https://rockwellautomation.custhelp.com/app/answers/detail/a_id/546989.
  9. Follow good network design practices that include network separation and segmentation, use of DMZs with properly configured firewalls to selectively control and monitor traffic passed between zones and systems.
  10. Maintain layered physical and logical security, defense in depth design practices for the ICS.
  11. Reaffirm with employees the importance for constant vigilance, especially the ongoing potential for social engineering attacks to manipulate otherwise normal user behaviors.

Refer to http://www.rockwellautomation.com/rockwellautomation/products-technologies/network-technology/architectures.page? for comprehensive information about implementing validated architectures designed to deliver these measures.

We also recommend concerned customers continue to monitor this advisory, Rockwell Automation’s Security Advisory Index at https://www.rockwellautomation.com/en-us/company/about-us/sustainability/trust-security/security-advisories.html, and the company public security webpage at http://www.rockwellautomation.com/security for new and relevant information relating to this matter.

Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/solutions/security.

KCS Status

Released

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation Home Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Company
About Us Accessibility Careers Diversity, Ethics and Integrity Engage Online Community Investor Relations Modern Slavery Statement Sustainability Trust Center
 
News & Events
Newsroom Press Releases Automation Fair Upcoming Events
 
Trending Topics
Cybersecurity Digital Transformation Smart Manufacturing The Connected Enterprise®
 
Training
Webinars Workforce Development Training
 
PartnerNetwork
Find a Partner What is the PartnerNetwork?
 
Our Brands
Allen-Bradley FactoryTalk LifecycleIQ Services
Contact Us
TechConnect Support Customer Care General Inquiries How to Buy Report Ethical Concerns
Insights
Results Achieved Case Studies Blogs Automation Today Podcasts
BlogRockwell Automation's Blog
AU | EN
Legal Notices
Privacy & Cookies Policy
Email Preferences
Cookie Settings
Accessibility Settings
© 2025 Rockwell Automation
Rockwell Automation Home
Please update your cookie preferences to continue.
This feature requires cookies to enhance your experience. Please update your preferences to allow for these cookies:
  • Social Media Cookies
  • Functional Cookies
  • Performance Cookies
  • Marketing Cookies
  • All Cookies
You can update your preferences at any time. For more information please see our Privacy Policy
CloseClose