Thursday, May 7, 2015

ICS-CERT Publishes Rockwell Advisory

This morning the DHS ICS-CERT published an advisory for a stack-based buffer overflow vulnerability in Rockwell Automations OPCTest.exe application in their RSLinx Classic. The vulnerability was reported by Ivan Sanchez of WiseSecurity Team. Rockwell has produced a new version that mitigates the vulnerability but there is no indication that Sanchez was given the opportunity to verify the efficacy of the fix. This advisory was originally released on the US CERT secure portal on April 21st, 2015.

ICS-CERT reports that it would take a relatively skilled attacker to execute a social engineering attack to get an authorized user to load the specially crafted file. The Rockwell advisory for this vulnerability is only available to registered users.

It is interesting that this looks like exactly like the same stack-based buffer overflow vulnerability reported last week in the Opto 22 advisory that OPTO blamed on the Rockwell OPCTest.exe application that they used in their device. There are different CVE numbers for the two vulnerabilities, but they were both discovered by Sanchez. This may also explain why the Opto 22 advisory was not issued until April 30th (nine days after the Rockwell alert was released to the Secure Portal) when Opto published their advisory on April 7th. A lot more people use the Rockwell equipment.

BTW: How many other vendors are using the same OPCTest.exe application from Rockwell?

No comments:

/* Use this with templates/template-twocol.html */