Rockwell Automation has patched several critical and high severity vulnerabilities in its RSLinx Classic communications software.
RSLinx Classic is a widely used piece of software that allows organizations to connect Logix5000 programmable automation controllers to various Rockwell applications, including for data acquisition, programming, HMI interaction, and configuration apps. The product is used worldwide, mainly in the energy, critical manufacturing, and water and wastewater systems sectors.
According to advisories published recently by ICS-CERT and Rockwell Automation itself, researchers from Tenable and Nozomi discovered that RSLinx Classic is affected by three vulnerabilities that can allow malicious actors to launch denial-of-service (DoS) attacks, and possibly even execute arbitrary code.
The most serious of the flaws is CVE-2018-14829, a stack-based buffer overflow that has been assigned a CVSS score of 10. A remote attacker can cause the application to crash by sending specially crafted CIP packets on port 44818. Triggering the buffer overflow can also lead to remote code execution, Rockwell and ICS-CERT warned.
Another severe vulnerability is CVE-2018-14827, which has a CVSS score of 8.6 and allows a remote and unauthenticated attacker to crash the application by sending specially crafted Ethernet/IP packets to the aforementioned port. Rockwell noted that the software must be restarted by the user following a successful exploit.
The last vulnerability, also classified as high severity, with a CVSS score of 7.5, is a heap-based buffer overflow tracked as CVE-2018-14821. This security bug also allows a remote and unauthenticated attacker to crash the software using malicious CIP packets.
Register for SecurityWeek’s 2018 ICS Cyber Security Conference
The flaws affect RSLinx Classic 4.00.01 and prior. Patches have been released by the vendor for each impacted version.
Users can also protect themselves against potential attacks by disabling port 44818, which is only needed in certain scenarios.
These are not the only serious vulnerabilities patched recently by Rockwell Automation in RSLinx Classic. A few months ago, the company and ICS-CERT informed users of a high severity privilege escalation issue that also affected the FactoryTalk Linx Gateway product.
Related: Rockwell Patches Flaw Affecting Safety Controllers From Several Vendors
Related: Rockwell Automation Patches Flaws in Simulation, Licensing Tools
Related: Rockwell Automation Switches Exposed to Attacks by Cisco IOS Flaws
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
Latest News
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Amazon Settles Ring Customer Spying Complaint
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
