Loading

PN687 | FactoryTalk™ Diagnostics Receiver Service Vulnerability

Severity:
Medium
Advisory ID:
PN687
Date de publication:
February 15, 2012
Date de la dernière mise à jour:
February 15, 2012
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
Non
Corrected:
Non
Workaround:
Non
Résumé
FactoryTalk™ Diagnostics Receiver Service Vulnerability

Introduction

FactoryTalk™ Diagnostics Receiver Service Vulnerability

Description

February 15, 2012 - version 1.0

Update to January 31, 2012 - version 1.0

On January 17, 2012, Rockwell Automation was made aware of two security vulnerabilities in the FactoryTalk™ Diagnostics Receiver Service (RNADiagReceiver.exe) that if successfully exploited, may result in a Denial of Service condition.

AFFECTED PRODUCTS

Rockwell Automation’s Security Taskforce has determined the following Allen-Bradley products are affected by these vulnerabilities:

  • RSLogix 5000 (versions 17, 18, 19, 20)
  • FactoryTalk Directory
  • FactoryTalk Alarms & Events
  • FactoryTalk View SE
  • FactoryTalk Diagnostics
  • FactoryTalk Live Data
  • FactoryTalk Server Health

VULNERABILITY DETAILS

A successful attack occurs when the RNADiagReceiver.exe service receives a datagram on UDP port 4445 that exceeds 2000 bytes, or the service receives a specifically crafted datagram of a valid size. A successful attack to the service will result in two respective conditions:

1. Denial of Service (DoS) condition that prevents subsequent processing of connections on UDP port 4445.

2. Crash condition that disrupts further execution of the RNADiagReceiver.exe diagnostic service.

The disruption or failure of the service leads to the potential for disruption to the operation of any software that depends on the RNADiagReceiver.exe service. The vulnerability can be exploited remotely from a network-based attack; however, the Security Taskforce has determined that there is no known possibility of malicious code injection and no known escalation of privilege on the host machine that results from successful exploitation.

ADDRESSING THE RISK

Rockwell Automation has released a specific software patch to address this vulnerability in software products that incorporate the RNADiagReceiver.exe service:

http://rockwellautomation.custhelp.com/app/answers/detail/a_id/471091

ADDITIONAL RISK MITIGATION

In addition to applying the above patch, Rockwell Automation recommends concerned customers configure firewalls to block the following TCP ports to prevent traversal of RNA messages into/out of the ICS system:

• 1330
• 1331
• 1332
• 4241
• 4242
• 4445
• 4446
• 6543
• 9111
• 60093
• 49281

We also recommend concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, we suggest you apply multiple recommendations and complement this list with your own best-practices:

1. Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and ControlNetworks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.

2. Restrict physical and electronic access to automation products, networks and systems to only those individuals authorized to be in contact with control system equipment and perform product firmware upgrades to that equipment.

3. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.

Concerned customers should continue to monitor Rockwell Automation’s Security Advisory Index (AID:54102) and www.rockwellautomation.com/security for new and relevant information relating to security in Rockwell Automation products and systems.

For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/solutions/security

KCS Status

Released

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Accueil Rockwell Automation
  2. Chevron LeftChevron Left Trust Center
  3. Chevron LeftChevron Left Industrial Security Adv
  4. Chevron LeftChevron Left Industrial Security Advisory Detail
Veuillez mettre à jour vos préférences en matière de cookies pour continuer.
Cette fonctionnalité nécessite des cookies pour améliorer votre expérience. Veuillez mettre à jour vos préférences pour autoriser ces cookies:
  • Cookies de réseaux sociaux
  • Cookies fonctionnels
  • Cookies de performances
  • Cookies marketing
  • Tous les cookies
Vous pouvez mettre à jour vos préférences à tout moment. Pour plus d'informations, veuillez consulter notre {0} politique de confidentialité
CloseClose