(I)IoT Security News

Rockwell Automation FactoryTalk Linx

1. EXECUTIVE SUMMARY

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow a denial-of-service condition, remote code execution, or leak information that could be used to bypass address space layout randomization (ASLR).

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of FactoryTalk Linx are affected:

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER INPUT VALIDATION CWE-20

A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.

CVE-2020-27253 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

3.2.2 HEAP-BASED BUFFER OVERFLOW CWE-122

A heap overflow vulnerability exists within FactoryTalk Linx. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution. 

CVE-2020-27251 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.3 HEAP-BASED BUFFER OVERFLOW CWE-122

A heap overflow vulnerability exists within FactoryTalk Linx. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR). 

CVE-2020-27255 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

3.3 BACKGROUND

3.4 RESEARCHER

Sharon Brizinov of Claroty reported these vulnerabilities to Rockwell Automation PSIRT.

4. MITIGATIONS

Rockwell Automation recommends users of the affected FactoryTalk Linx update to an available software revision that addresses the associated risk. 

Rockwell Automation recommends that users who are unable to update apply the following mitigations or workarounds to further reduce risk. Users are encouraged, when possible, to combine these with general security guidelines to employ multiple strategies simultaneously:

For more information refer to Rockwell’s Industrial Security Advisory ID 1128684 (login required).

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper ICS-TIP-12-146-01B, Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

Source:

https://us-cert.cisa.gov/ics/advisories/icsa-20-329-01