This morning the DHS ICS-CERT published an
advisory for a stack-based buffer overflow vulnerability in Rockwell
Automation's OPCTest.exe application in their RSLinx Classic. The vulnerability
was reported by Ivan Sanchez of WiseSecurity Team. Rockwell has produced a new
version that mitigates the vulnerability but there is no indication that
Sanchez was given the opportunity to verify the efficacy of the fix. This
advisory was originally released on the US CERT secure portal on April 21st,
2015.

ICS-CERT reports that it would take a relatively skilled
attacker to execute a social engineering attack to get an authorized user to
load the specially crafted file. The Rockwell advisory for this vulnerability is
only available to registered users.

It is interesting that this looks exactly like the same
stack-based buffer overflow vulnerability reported last week in the Opto
22 advisory that OPTO blamed on the Rockwell OPCTest.exe application that
they used in their device. There are different CVE numbers for the two
vulnerabilities, but they were both discovered by Sanchez. This may also
explain why the Opto 22 advisory was not issued until April 30th
(nine days after the Rockwell alert was released to the Secure Portal) even
though Opto published their advisory on April 7th. A lot more people use the
Rockwell equipment.

BTW: How many other vendors are using the same OPCTest.exe application from
Rockwell?