Loading

PN687 | FactoryTalk™ Diagnostics Receiver Service Vulnerability

Severity:
Medium
Advisory ID:
PN687
Published Date:
February 15, 2012
Last Updated:
February 15, 2012
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
Summary
FactoryTalk™ Diagnostics Receiver Service Vulnerability

Introduction

FactoryTalk™ Diagnostics Receiver Service Vulnerability

Description

February 15, 2012 - version 1.0

Update to January 31, 2012 - version 1.0

On January 17, 2012, Rockwell Automation was made aware of two security vulnerabilities in the FactoryTalk™ Diagnostics Receiver Service (RNADiagReceiver.exe) that if successfully exploited, may result in a Denial of Service condition.

AFFECTED PRODUCTS

Rockwell Automation’s Security Taskforce has determined the following Allen-Bradley products are affected by these vulnerabilities:

  • RSLogix 5000 (versions 17, 18, 19, 20)
  • FactoryTalk Directory
  • FactoryTalk Alarms & Events
  • FactoryTalk View SE
  • FactoryTalk Diagnostics
  • FactoryTalk Live Data
  • FactoryTalk Server Health

VULNERABILITY DETAILS

A successful attack occurs when the RNADiagReceiver.exe service receives a datagram on UDP port 4445 that exceeds 2000 bytes, or the service receives a specifically crafted datagram of a valid size. A successful attack to the service will result in two respective conditions:

1. Denial of Service (DoS) condition that prevents subsequent processing of connections on UDP port 4445.

2. Crash condition that disrupts further execution of the RNADiagReceiver.exe diagnostic service.

The disruption or failure of the service leads to the potential for disruption to the operation of any software that depends on the RNADiagReceiver.exe service. The vulnerability can be exploited remotely from a network-based attack; however, the Security Taskforce has determined that there is no known possibility of malicious code injection and no known escalation of privilege on the host machine that results from successful exploitation.

ADDRESSING THE RISK

Rockwell Automation has released a specific software patch to address this vulnerability in software products that incorporate the RNADiagReceiver.exe service:

http://rockwellautomation.custhelp.com/app/answers/detail/a_id/471091

ADDITIONAL RISK MITIGATION

In addition to applying the above patch, Rockwell Automation recommends concerned customers configure firewalls to block the following TCP ports to prevent traversal of RNA messages into/out of the ICS system:

• 1330
• 1331
• 1332
• 4241
• 4242
• 4445
• 4446
• 6543
• 9111
• 60093
• 49281

We also recommend concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, we suggest you apply multiple recommendations and complement this list with your own best-practices:

1. Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and ControlNetworks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.

2. Restrict physical and electronic access to automation products, networks and systems to only those individuals authorized to be in contact with control system equipment and perform product firmware upgrades to that equipment.

3. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.

Concerned customers should continue to monitor Rockwell Automation’s Security Advisory Index (AID:54102) and www.rockwellautomation.com/security for new and relevant information relating to security in Rockwell Automation products and systems.

For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/solutions/security

KCS Status

Released

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Middle East
  2. Chevron LeftChevron Left Trust Center
  3. Chevron LeftChevron Left Industrial Security Adv
  4. Chevron LeftChevron Left Industrial Security Advisory Detail
Please update your cookie preferences to continue.
This feature requires cookies to enhance your experience. Please update your preferences to allow for these cookies:
  • Social Media Cookies
  • Functional Cookies
  • Performance Cookies
  • Marketing Cookies
  • All Cookies
You can update your preferences at any time. For more information please see our {0} Privacy Policy
CloseClose