Yesterday the DHS ICS-CERT published an advisory for the Rockwell Automation FactoryTalk application concerning two vulnerabilities that could result in a DoS if successfully exploited. This advisory is a follow-up to an alert published in January, which was based upon an uncoordinated disclosure by Luigi.
The two vulnerabilities are:
• Unexpected Return Value, CWE 389; and
• Read Access Violation, CWE 125.
A relatively low-skilled attacker could use the available proof-of-concept code to craft a denial-of-service attack. Rockwell Automation has provided a security update to address these vulnerabilities. They also provided a list of TCP ports that should be blocked by a firewall “to prevent traversal of RNA messages into and out of the ICS system” (page 3). This is a valuable extension of the information about the initially reported vulnerability.