Thursday, March 29, 2012

ICS-CERT Publishes Rockwell Automation Advisory

Yesterday the DHS ICS-CERT published an advisory for the Rockwell Automation FactoryTalk application concerning two vulnerabilities that could result in a DOS if successfully exploited. This advisory is a follow-up to an alert published in January which was based upon an uncoordinated disclosure by Luigi.

The two vulnerabilities are:

• Unexpected Return Value; CWE 389; and

• Read Access Violation, CWE 125.

A relatively low skilled attacker could use the available proof-of-concept code to craft a denial of service attack. Rockwell Automation has provided a security update to address this vulnerability. They also provided a list of TCP ports that should be blocked by a firewall “to prevent traversal of RNA messages into and out of the ICS system” (page 3). This is a valuable extension of information about the initially reported vulnerability.

No comments:

/* Use this with templates/template-twocol.html */