DoS Vulnerabilities Found in Rockwell’s FactoryTalk Linx and RSLinx Classic Products

Researchers have discovered vulnerabilities that expose Rockwell Automation’s FactoryTalk Linx and RSLinx Classic products to denial-of-service (DoS) attacks.

According to an advisory published by Rockwell late last month, researchers from cybersecurity firm Tenable discovered a total of four DoS vulnerabilities, three affecting FactoryTalk Linx and one impacting the FactoryTalk Services Platform.

FactoryTalk Linx, formerly RSLinx Enterprise, is a widely used product designed for connecting Allen Bradley PLCs to Rockwell applications, including for programming, data acquisition and HMI interaction.

Two of the security holes affecting FactoryTalk Linx are caused by an unhandled exception in a DLL file and they can allow a remote, unauthenticated attacker to cause a DoS condition by sending specially crafted packets that result in the termination of the RSLinxNG.exe process. These issues have been rated high severity and they are tracked as CVE-2020-5801 and CVE-2020-5802.

The other vulnerability affecting FactoryTalk Linx is a buffer overflow in a DLL file, and it can also result in a DoS condition when malicious packets cause the RSLinxNG.exe process to terminate. However, while exploitation does not require authentication, it does require local access, according to Rockwell’s advisory; Tenable has confirmed to SecurityWeek that this is accurate.

The flaw affecting the FactoryTalk Services Platform can be exploited for DoS attacks by convincing the targeted user to open a specially crafted log file.

“When the malicious log file is opened by a local user, it can cause a buffer overflow in the FactoryTalk Services Platform resulting in temporary denial-of-service conditions. Users can recover from the condition by reopening the impacted software,” the vendor explained (account required).

Rockwell Automation has not released patches for these vulnerabilities. It has, however, shared some risk mitigation recommendations, including network, software, social engineering and general mitigation strategies.

“A denial of service in the RSLinx component would not impact the operation of the PLC in most cases; however, it would prevent an Administrator from applying new configurations and changes to the PLC as well as lose visibility in the PLC’s operation,” David Wells, staff research engineer at Tenable, told SecurityWeek.

Cisco Talos this week revealed that one of its researchers discovered a high-severity flaw that can allow an attacker to cause a DoS condition in Rockwell’s RSLinx Classic, a widely used communication server for industrial automation products. The issue, tracked as CVE-2020-13573, is related to the product’s Ethernet/IP server functionality and it can be exploited by sending specially crafted network requests.

Rockwell Automation told Talos that the issue was resolved in November, but it appears that the vendor has not released a security advisory. Talos has published an advisory explaining how the vulnerability can be exploited.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
