ICS-CERT informed organizations this week that Rockwell Automation has patched a high severity denial-of-service (DoS) vulnerability in one of its FactoryTalk products.
The vulnerability affects version 2.90 and earlier of FactoryTalk Alarms and Events (FTAE), a FactoryTalk Services Platform component installed by the Studio 5000 Logix Designer PLC programming and configuration tool, and the FactoryTalk View SE HMI software.
FTAE provides a consistent view of alarms and events via a View SE HMI system. The product is used worldwide in sectors such as critical infrastructure, entertainment, automotive, food and beverage, and water and wastewater.
The security hole, reported to Rockwell Automation by an unnamed company in the oil and gas sector, is tracked as CVE-2017-14022 and it has been assigned a CVSS score of 7.5. It allows an unauthenticated attacker with remote access to the product to cause its history archiver service to stall or terminate by sending specially crafted packets to TCP port 403.
“The history archiver service of FactoryTalk Alarms and Events is used to archive alarms and events to a Microsoft SQL Server database. Disrupting this capability can result in a loss of information, the criticality of which depends on the type of environment that the product is used in. The service must be restarted in order to restore operation,” Rockwell Automation said in an advisory published last month.
The vulnerability was addressed with the release of a patch for FactoryTalk Alarms and Events 2.90. Users of version 2.81 and earlier have been advised to update to version 2.90 and then apply the patch.
Alternatively, attacks can be mitigated by disabling TCP port 403. This port is typically used to log alarms and events via the historian service to a specified SQL Server database. However, if the historian and the FTAE services are on the same machine, port 403 is not needed as the information is logged to the local host. If the two services are on different machines, port 403 is needed and the mitigation cannot be applied.
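Whether that mitigation applies can be checked from the FTAE host's connection table. The following is an added example, not code from Rockwell Automation's advisory or from this article: it parses `netstat -ano -p TCP` output and reports whether anything other than the local host is talking to TCP port 403. The sample output, addresses and PIDs are constructed, and a single snapshot with no remote peers is an assumption to confirm over time, not proof that the port is unused.

```python
import ipaddress

PORT = 403  # TCP port named in the advisory

# Constructed samples of `netstat -ano -p TCP` output (addresses/PIDs are made up).
SAMPLE_SPLIT = """\
  TCP    0.0.0.0:403            0.0.0.0:0              LISTENING       2140
  TCP    10.20.0.5:403          10.20.0.9:51522        ESTABLISHED     2140
  TCP    127.0.0.1:403          127.0.0.1:49811        ESTABLISHED     2140
  TCP    10.20.0.5:1433         10.20.0.9:51530        ESTABLISHED     1800
"""
SAMPLE_LOCAL = """\
  TCP    0.0.0.0:403            0.0.0.0:0              LISTENING       2140
  TCP    127.0.0.1:403          127.0.0.1:49811        ESTABLISHED     2140
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def assess_port_403(netstat_text):
    """Return (verdict, remote_peers) for TCP 403 on this host."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP":
            rows.append((split_endpoint(f[1]), split_endpoint(f[2]), f[3]))
    # Every address this host owns, so self-connections are not counted as remote.
    local_addrs = {local[0] for local, _, _ in rows}
    listening = any(l[1] == PORT and s == "LISTENING" for l, _, s in rows)
    remote_peers = set()
    for (_, lport), (raddr, _), state in rows:
        if lport != PORT or state == "LISTENING":
            continue
        if ipaddress.ip_address(raddr).is_loopback or raddr in local_addrs:
            continue  # historian and FTAE on the same machine
        remote_peers.add(raddr)
    if not listening:
        return "not-listening", []
    if remote_peers:
        # Services are on different machines: the port is needed, patch instead.
        return "in-use-remote", sorted(remote_peers)
    return "block-candidate", []

if __name__ == "__main__":
    print(assess_port_403(SAMPLE_SPLIT))
    print(assess_port_403(SAMPLE_LOCAL))
```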

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
