Loading

PN750 | FactoryTalk® Historian SE Security Vulnerability from PI OPC DA software interface

Severity:
Medium
Advisory ID:
PN750
Published Date:
November 02, 2012
Last Updated:
November 02, 2012
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
Não
Corrected:
Não
Workaround:
Não
Summary
FactoryTalk® Historian SE Security Vulnerability from PI OPC DA software interface

Introduction

FactoryTalk® Historian SE Security Vulnerability from PI OPC DA software interface

Description

November 2, 2012 - version 1.0

In response to the ICS-CERT Advisory ICSA-12-201-01 – OSISOFT PI OPC DA INTERFACE BUFFER OVEFLOW, Rockwell Automation’s Security Taskforce conducted a thorough evaluation of Rockwell Automation products that include, or make use of the affected OSIsoft PI OPC DA interface software.

AFFECTED PRODUCTS
As a result of Rockwell Automation’s evaluation, we have determined the following Rockwell Software-brand product includes, and makes use of the OSIsoft PI OPC DA software interface:

FactoryTalk™ Historian SE versions 2.10.00, 2.20.00 and 3.00.00

VULNERABILITY DETAILS
Per ICSA-12-201-01, OSIsoft, LLC proactively disclosed the presence of "a stack-based buffer overflow in the PI OPC DA interface software that could cause the software to crash or allow a remote attacker to execute arbitrary code." Furthermore, "Successful exploitation of this vulnerability could allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system."

Rockwell Automation includes and installs the PI OPC DA interface software with FactoryTalk™ Historian SE; however, this interface is NOT configured and it is NOT running by default. When the PI OPC DA interface software that has been included with the install is used for OPC communications, it is similarly susceptible to the above mentioned stack-based vulnerability and the system-wide effects of successful exploitation of the weakness.

RISK MITIGATION
ICSA-12-201-01 states, "OSIsoft has published a customer notification, and has released a product update that resolves this vulnerability." This release applies specifically to OSIsoft PI OPC DA software.

Rockwell Automation has validated this OSIsoft product update and taken similar measures to proactively release a product update for affected Rockwell Software FactoryTalk Historian SE versions. The software update and associated installation instructions can be found in the Rockwell Automation Knowledgebase at:

AID: 509721 - https://rockwellautomation.custhelp.com/app/answers/detail/a_id/509721

NOTE: We recognize that not all FactoryTalk Historian SE users employ the OPC interface; nonetheless, Rockwell Automation still recommends the above software update be applied to affected software to help mitigate potential future risk should the interface software be used at a later time.

In addition to applying the above software update to affected products, Rockwell Automation’s Security Taskforce recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, we suggest you apply multiple recommendations and complement this list with your own best-practices:

1. Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and ControlNetworks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures.

2. Restrict physical and electronic access to automation products, networks and systems to only those individuals authorized to be in contact with control system equipment and perform product firmware upgrades to that equipment.

3. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.

We also recommend concerned customers continue to monitor this advisory, Rockwell Automation’s Security Advisory Index (AID:54102) and www.rockwellautomation.com/security for new and relevant information relating to this matter.

For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/security

KCS Status

Released

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Únìítèêd Kìíngdöôm
  2. Chevron LeftChevron Left Trust Center
  3. Chevron LeftChevron Left Industrial Security Adv
  4. Chevron LeftChevron Left Industrial Security Advisory Detail
Atualize suas preferências de cookies para continuar.
Este recurso requer cookies para melhorar sua experiência. Atualize suas preferências para permitir esses cookies:
  • Cookies de Redes Sociais
  • Cookies Funcionais
  • Cookies de Desempenho
  • Cookies de Marketing
  • Todos os Cookies
Você pode atualizar suas preferências a qualquer momento. Para mais informações, consulte nosso {0} Política de Privacidade
CloseClose