Today the DHS ICS-CERT published an update for the control system advisory they published back on April 5th, 2013. The update adds three additional vulnerabilities in the Rockwell Automation FactoryTalk and RSLinx applications. These new vulnerabilities were also discovered by Carsten Eiram of Risk Based Security after the earlier vulnerability updates were made to the Rockwell software. It is not clear why ICS-CERT issued an update instead of publishing a new advisory.
The update adds the following vulnerabilities:
• Out-of-bounds read, CVE-2013-2805;
• Integer overflow, CVE-2013-2807; and
• Integer overflow, CVE-2013-2806.
NOTE: Links may not work for a couple of days; not shutdown related.
The advisory reports that all three new vulnerabilities can be remotely exploited via Port 4444/UDP to conduct a denial of service attack. Rockwell has produced a new set of patches for these vulnerabilities. There is no indication that Carsten or any other outside agency has validated the efficacy of the most recent patch.