News
Vendors
Vulnerabilities

Security vulnerabilities identified in Rockwell Automation’s FactoryTalk Linx

November 27, 2020
FactoryTalk Linx

Three critical security vulnerabilities have been identified in Rockwell Automation’s FactoryTalk Linx, and exploitation of these weaknesses can allow a denial-of-service condition, remote code execution or leak of information that could be used to bypass address space layout randomization (ASLR) within the industrial control systems (ICS).

FactoryTalk Linx is included with most FactoryTalk software and functions as a data server to deliver information from Allen‑Bradley control products to the control system. The FactoryTalk industrial automation software has been built for supporting advanced industrial applications, which start at the edge where manufacturing happens and scale from on-premise to cloud.

The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory last week recognizing that these security vulnerabilities could allow remote, unauthenticated attackers to send malicious port ranges, and remotely execute code. It was detected that the vulnerability could be manipulated using low skill levels. The vulnerability is at present undergoing analysis and all relevant details are not immediately available.

Currently, there are no known public exploits which have specifically targeted these vulnerabilities. A flaw has been identified in the Ingress/Egress checks routine of FactoryTalk Linx that could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device. A CVSS v3 base score of 8.6 has been calculated.

A heap overflow vulnerability was found within FactoryTalk Linx that can allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution. A CVSS v3 base score of 9.8 has been measured.

Another heap overflow vulnerability was detected within FactoryTalk Linx, which could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of the ASLR. A CVSS v3 base score of 5.3 has been calculated for this weakness.

These security flaws were reported by Sharon Brizinov of Claroty to Rockwell Automation PSIRT.

Rockwell advised users of the affected FactoryTalk Linx to update to an available software revision that addresses the risks. Users are encouraged, when possible, to combine general security guidelines that use multiple strategies simultaneously such as running the software as ‘user’ instead of ‘administrator,’ using Microsoft AppLocker or other similar whitelisting application to help mitigate risk, and confirming that the least-privilege user principle is followed, so that user/service account access to shared resources is only granted with a minimum amount of rights as needed.

Users can also minimize network exposure for control system devices and/or systems and confirm that they are not accessible from the Internet. When remote access is required, use secure methods such as updated virtual private networks (VPNs).

Rockwell had last week expanded its cybersecurity certifications and added advanced security capabilities into more products, which connect production and IT systems, and combat cyberthreats targeting the ICS.

Last month, Rockwell Automation introduced its FactoryTalk Edge Gateway designed to simplify and accelerate IT/OT environments. It acts as a cornerstone of a broader edge platform offering that will include elements of pre-built data analytics models, machine learning, tailored applications and scalable computing.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
Waterfall’s WF-600 unidirectional security gateway brings 'unbreachable protection' to OT/ICS networks
Waterfall, 2TS enter into cybersecurity alliance for African market
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns