PN647 | ControlLogix 1756-EWEB Enhanced Web Server FTP Server Security Vulnerability

Severity:
High
Advisory ID:
PN647
Published Date:
June 15, 2011
Last Updated:
June 15, 2011
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
Summary
ControlLogix 1756-EWEB Enhanced Web Server FTP Server Security Vulnerability

Description

June 15, 2011 - Version 1.0

Rockwell Automation has identified a security vulnerability in the ControlLogix 1756-EWEB Series A Enhanced Web Server (the "Product"). Details of this vulnerability are as follows:

If the FTP server on the Product is enabled, the Product can be caused to enter a faulted state if it is sent FTP commands with arguments larger than a certain size. When in this faulted state, the Product becomes unresponsive and nonfunctional. To return the Product to its normal operating condition, the power to the Product must be cycled.

The results from an attacker’s successful exploitation of this vulnerability could include Denial of Service (DoS) to the Product, loss of Product availability and disruption to both Product and system operation.
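The advisory does not publish the argument size that faults the module, so the only reliable fix is to disable FTP (see the mitigations below). Where the service must stay up until the firmware release, a tap or proxy in front of the module can at least make exploitation attempts visible. The following is an added example, not code from the Rockwell advisory: it parses FTP control-channel command lines in a constructed log format (timestamp, client IP, module IP, raw command) and flags any command to a protected host whose argument exceeds an assumed, tunable threshold (MAX_ARG_LEN); the host addresses, log layout and threshold are all assumptions, not values from the advisory.

```python
# Added example (not part of Rockwell advisory PN647): flag FTP commands with
# oversized arguments sent to a 1756-EWEB, the condition the advisory says
# faults the module.
#
# Assumptions (mine, not the advisory's): the faulting argument size is not
# published, so MAX_ARG_LEN is a tunable guess; the log line layout
# "<timestamp> <src_ip> <dst_ip> <raw FTP command>" and the IP addresses
# below are constructed for this example.
import re
from dataclasses import dataclass

MAX_ARG_LEN = 256  # assumed threshold; tune to what your clients legitimately send

# Constructed log format: timestamp, client IP, module IP, raw command line.
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<cmd>.*)$")


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    verb: str
    arg_len: int


def parse_ftp_command(raw: str):
    """Split an RFC 959 control line 'VERB [SP argument]' into (VERB, argument)."""
    line = raw.rstrip("\r\n")
    verb, _, arg = line.partition(" ")
    return verb.upper(), arg


def scan(lines, protected_hosts, max_arg_len=MAX_ARG_LEN):
    """Return one Alert per command to a protected host whose argument is longer
    than max_arg_len bytes. Lines that do not match the log layout are skipped."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["dst"] not in protected_hosts:
            continue
        verb, arg = parse_ftp_command(m["cmd"])
        arg_len = len(arg.encode("utf-8"))
        if arg_len > max_arg_len:
            alerts.append(Alert(m["ts"], m["src"], m["dst"], verb, arg_len))
    return alerts


# Constructed sample traffic: three ordinary commands, one oversized CWD aimed
# at the module, one oversized CWD aimed at an unrelated host, one unparseable line.
EWEB_HOSTS = {"192.0.2.10"}
SAMPLE_LOG = [
    "2011-06-15T10:00:01Z 192.0.2.50 192.0.2.10 USER anonymous",
    "2011-06-15T10:00:02Z 192.0.2.50 192.0.2.10 PASS guest@example.com",
    "2011-06-15T10:00:03Z 192.0.2.50 192.0.2.10 CWD /",
    "2011-06-15T10:00:04Z 192.0.2.50 192.0.2.10 CWD " + "A" * 1024,
    "2011-06-15T10:00:05Z 192.0.2.50 192.0.2.99 CWD " + "A" * 1024,
    "malformed",
]


def run_sample():
    """Scan the constructed log; only the oversized command to the module alerts."""
    return scan(SAMPLE_LOG, EWEB_HOSTS)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.ts} {a.src} -> {a.dst}: {a.verb} with {a.arg_len}-byte argument")
```

The threshold is deliberately conservative: legitimate paths and usernames sent to an EWEB are short, so a low MAX_ARG_LEN costs little and catches probing well below whatever the real fault size is. Treat an alert as a reason to block the source at the cell/area firewall and to expect a power cycle of the module if it has already stopped responding.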

Rockwell Automation plans to directly mitigate this vulnerability in a forthcoming Product firmware release currently anticipated in February, 2012.

To immediately help reduce the likelihood of exploitation and associated security risk, Rockwell Automation recommends the following mitigation strategies. When possible, multiple strategies should be employed simultaneously:

  1. Disable the FTP server on the Product through its configuration screens. Refer to Rockwell Automation publication: Ethernet-UM527-EN-P (see Enable/disable Other Services section).
  2. Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.
  3. Restrict physical and electronic access to automation products, networks and systems to only those individuals authorized to be in contact with control system equipment.

For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/solutions/security.

KCS Status

Released

Copyright ©2022 Rockwell Automation, Inc.