Rockwell Automation has patched several critical and high severity vulnerabilities in its RSLinx Classic communications software.
RSLinx Classic is a widely used piece of software that allows organizations to connect Logix5000 programmable automation controllers to various Rockwell applications, including data acquisition, programming, HMI interaction, and configuration applications. The product is used worldwide, mainly in the energy, critical manufacturing, and water and wastewater systems sectors.
According to advisories published recently by ICS-CERT and Rockwell Automation itself, researchers from Tenable and Nozomi Networks discovered that RSLinx Classic is affected by three vulnerabilities that can allow malicious actors to launch denial-of-service (DoS) attacks, and possibly even execute arbitrary code.
The most serious of the flaws is CVE-2018-14829, a stack-based buffer overflow that has been assigned a CVSS score of 10. A remote attacker can cause the application to crash by sending specially crafted CIP packets to port 44818. Triggering the buffer overflow can also lead to remote code execution, the researchers and ICS-CERT warned.
Another severe vulnerability is CVE-2018-14827, which has a CVSS score of 8.6 and allows a remote and unauthenticated attacker to crash the application by sending specially crafted EtherNet/IP packets to the same port. Rockwell noted that the software must be restarted by the user after a successful exploit.
The last vulnerability, also classified as high severity, with a CVSS score of 7.5, is a heap-based buffer overflow tracked as CVE-2018-14821. This security bug also allows a remote and unauthenticated attacker to crash the software using malicious CIP packets.
The flaws affect RSLinx Classic 4.00.01 and prior. Patches have been released by the vendor for each impacted version.
Users can also protect themselves against potential attacks by disabling port 44818, which is only needed in certain scenarios.
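Before disabling port 44818, an operator usually wants to know which hosts on the plant network still answer EtherNet/IP on it. The script below is an added example for this article, not code from Rockwell Automation, Tenable, Nozomi or ICS-CERT. It sends only the standard, benign ListIdentity encapsulation command (0x0063) from the public EtherNet/IP specification and decodes the reply; it does not send the malformed CIP packets described in the advisories. Function names are my own, the sender-context string is arbitrary, and the reply bytes in `_sample_reply()` are constructed for the self-test rather than captured from a real RSLinx host.

```python
"""Inventory check: which hosts answer EtherNet/IP ListIdentity on TCP/44818?

Added example for this article (not vendor or ICS-CERT code).  Sends only the
benign ListIdentity command; the sample reply below is constructed, not a
capture from a real RSLinx Classic installation.
"""
import socket
import struct
import sys

ENIP_PORT = 44818
CMD_LIST_IDENTITY = 0x0063
ITEM_LIST_IDENTITY_RESPONSE = 0x000C
# Encapsulation header (24 bytes, little-endian): command, length, session
# handle, status, 8-byte sender context, options.
HEADER = struct.Struct("<HHII8sI")


def build_list_identity() -> bytes:
    """ListIdentity request: header only, no payload, session handle 0."""
    return HEADER.pack(CMD_LIST_IDENTITY, 0, 0, 0, b"inventry", 0)


def parse_header(data: bytes) -> dict:
    if len(data) < HEADER.size:
        raise ValueError("short encapsulation header")
    cmd, length, session, status, ctx, opts = HEADER.unpack_from(data)
    return {"command": cmd, "length": length, "session": session,
            "status": status, "context": ctx, "options": opts}


def decode_identity_item(item: bytes) -> dict:
    """Decode one ListIdentity response item (CIP encapsulation layout)."""
    if len(item) < 34:
        raise ValueError("short identity item")
    (version,) = struct.unpack_from("<H", item, 0)
    # sockaddr_in is the only network-order (big-endian) part of the item
    family, port, addr = struct.unpack_from(">hHI", item, 2)
    vendor, dev_type, product, rev_major, rev_minor, status, serial = \
        struct.unpack_from("<HHHBBHI", item, 18)
    name_len = item[32]
    if len(item) < 34 + name_len:
        raise ValueError("truncated product name")
    name = item[33:33 + name_len].decode("ascii", "replace")
    state = item[33 + name_len]
    return {"encap_version": version, "family": family,
            "ip": socket.inet_ntoa(struct.pack(">I", addr)), "port": port,
            "vendor_id": vendor, "device_type": dev_type, "product_code": product,
            "revision": f"{rev_major}.{rev_minor}", "status": status,
            "serial": serial, "product_name": name, "state": state}


def parse_list_identity(data: bytes) -> list[dict]:
    """Decode header plus CPF items of a ListIdentity reply; skip other item types."""
    hdr = parse_header(data)
    if hdr["command"] != CMD_LIST_IDENTITY:
        raise ValueError(f"unexpected command 0x{hdr['command']:04x}")
    body = data[HEADER.size:HEADER.size + hdr["length"]]
    if len(body) < 2:
        raise ValueError("missing item count")
    (count,) = struct.unpack_from("<H", body, 0)
    off, items = 2, []
    for _ in range(count):
        type_id, item_len = struct.unpack_from("<HH", body, off)
        off += 4
        item = body[off:off + item_len]
        off += item_len
        if type_id == ITEM_LIST_IDENTITY_RESPONSE:
            items.append(decode_identity_item(item))
    return items


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("connection closed early")
        buf += chunk
    return buf


def probe(host: str, timeout: float = 2.0) -> list[dict]:
    """Identity items from host:44818, or [] if nothing answers ListIdentity."""
    try:
        with socket.create_connection((host, ENIP_PORT), timeout=timeout) as s:
            s.sendall(build_list_identity())
            head = _recv_exact(s, HEADER.size)
            body = _recv_exact(s, parse_header(head)["length"])
        return parse_list_identity(head + body)
    except (OSError, ValueError):
        return []


def _sample_reply() -> bytes:
    """Constructed ListIdentity reply used for the self-test (not a real capture)."""
    name = b"TEST-ENIP-DEVICE"
    item = struct.pack("<H", 1)                                   # encap version
    item += struct.pack(">hHI8s", 2, ENIP_PORT, 0xC0A80A05, b"\x00" * 8)  # 192.168.10.5
    item += struct.pack("<HHHBBHI", 1, 0x0C, 0x41, 2, 1, 0x0030, 0x12345678)
    item += bytes([len(name)]) + name + bytes([3])                # name, state
    body = struct.pack("<H", 1) + struct.pack("<HH", ITEM_LIST_IDENTITY_RESPONSE, len(item)) + item
    return HEADER.pack(CMD_LIST_IDENTITY, len(body), 0, 0, b"inventry", 0) + body


if __name__ == "__main__":
    for host in sys.argv[1:]:
        found = probe(host)
        print(host, "exposes EtherNet/IP" if found else "no ListIdentity answer", found)
```

Run it as `python probe44818.py 192.168.10.5 192.168.10.6` against hosts you are authorized to scan; any host that returns an identity item is still reachable on the port the advisory tells you to disable where it is not needed. Vendor ID 1 in the reply is Rockwell Automation/Allen-Bradley, which is a quick way to separate Rockwell software and controllers from other EtherNet/IP devices in the results.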
These are not the only serious vulnerabilities patched recently by Rockwell Automation in RSLinx Classic. A few months ago, the company and ICS-CERT informed users of a high severity privilege escalation issue that also affected the FactoryTalk Linx Gateway product.