Rockwell Rslinx Lite
OVERVIEW - Begin Update A Part 1 of 4 - This updated advisory is a follow-up to the original advisory titled ICSA-13-095-02 Rockwell Automation FactoryTalk and RSLinx Vulnerabilities that was published April 5, 2013, on the ICS-CERT Web page. End Update A Part 1 of 4 - Researcher Carsten Eiram of Risk Based Security has identified multiple input validation vulnerabilities in Rockwell Automation’s FactoryTalk Services Platform (RNADiagnostics.dll) and RSLinx Enterprise Software (LogReceiver.exe and Logger.dll). Rockwell Automation has produced patches that mitigate these vulnerabilities, and released the patches April 5, 2013. Rockwell Automation has tested the patches to validate that they resolve the vulnerabilities. Begin Update A Part 2 of 4 - Carsten Eiram discovered additional vulnerabilities after the patches were released in April, and Rockwell released new patches that mitigate the additional vulnerabilities on June 28, 2013. End Update A Part 2 of 4 - These vulnerabilities could be exploited remotely.
RSLinx Classic Lite. Explore RSLinx Classic RSLinx Classic for Rockwell Automation Networks and Devices is a comprehensive factory communication solution. Allen Bradley-RsLinx. • • • • RSLINX CLASSIC GETTING RESULTS GUIDE RSLinx Classic Lite RSLinx Classic Lite. Rockwell Software RSLinx Classic.
AFFECTED PRODUCTS The following FactoryTalk Services Platform and RSLinx Enterprise product versions are affected:. CPR9,. CPR9-SR1,. CPR9-SR2,. CPR9-SR3,. CPR9-SR4,.
CPR9-SR5,. CPR9-SR5.1, and. CPR9-SR6. IMPACT Successful exploitation of these vulnerabilities may result in a DoS condition to the services, service termination, and the potential for code injection.
Impact to individual organizations depends on many factors that are unique to each organization. ICS‑CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. BACKGROUND Rockwell Automation provides industrial automation control and information products worldwide, across a wide range of industries. FactoryTalk Services Platform (FTSP) shares data throughout a distributed system and enforces redundancy and fault tolerance while tracking changes in the system. RSLinx Enterprise is used for design and configuration, which provides plant-floor device connectivity for multiple Rockwell software applications. This software also has open interfaces for third-party human-machine interfaces (HMIs), data collection and analysis packages, as well as custom client-applications. According to Rockwell Automation, both products are deployed across several sectors including agriculture and food, water, chemical, manufacturing, and others.
The Rockwell product Web site states that these products are used in France, Italy, the Netherlands, and other countries in Europe, as well as the United States, Korea, China, Japan, and Latin American countries. VULNERABILITY CHARACTERIZATION VULNERABILITY OVERVIEW. INTEGER OVERFLOW–NEGATIVE INTEGER The FactoryTalk Services Platform (RNADiagnostics.dll) does not validate input correctly and cannot allocate a negative integer.
By sending a negative integer input to the service over Port 4445/UDP, an attacker could cause a DoS condition that prevents subsequent processing of connections. An attacker could possibly cause the RNADiagnostics.dll or RNADiagReceiver.exe service to terminate. CVE-2012-4713 has been assigned to this vulnerability. A CVSS v2 base score of 7.8 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:N/A:C).
INTEGER OVERFLOW–OVERSIZED INTEGER a The FactoryTalk Services Platform (RNADiagnostics.dll) does not handle input correctly and cannot allocate an over-sized integer. By sending an over-sized integer input to the service over Port 4445/UDP, an attacker could cause a DoS condition that prevents subsequent processing of connections. An attacker could possibly cause the service to terminate. CVE-2012-4714 has been assigned to this vulnerability. A CVSS v2 base score of 7.8 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:N/A:C). Begin Update A Part 3 of 4.
IMPROPER EXCEPTION HANDLING The RSLinx Enterprise Software (LogReceiver.exe and Logger.dll) does not handle input correctly and results in a logic error if it receives a zero or large byte datagram. If an attacker sends a datagram of zero byte size to the receiver over Port 4444/UDP (user-configurable, not enabled by default), the attacker would cause a DoS condition where the service silently ignores further incoming requests. After discussion with the researcher and vendor, this vulnerability was a duplicate of CVE-2012-4715, and therefore the two vulnerabilities have been combined. CVE-2012-4715 will be retracted from the NVD Web site. CVE-2012-4695 has been assigned to this vulnerability.
A CVSS v2 base score of 7.8 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:N/A:C). End Update A Part 3 of 4 - - Begin Update A Part 4 of 4. OUT-OF-BOUNDS READ The RSLinx Enterprise Software (LogReceiver.exe) does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot.
CVE-2013-2805 has been assigned to this vulnerability. A CVSS v2 base score of 7.8 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:N/A:C). INTEGER OVERFLOW The RSLinx Enterprise Software (LogReceiver.exe) does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field.
By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. CVE-2013-2807 has been assigned to this vulnerability. A CVSS v2 base score of 7.8 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:N/A:C). INTEGER OVERFLOW The RSLinx Enterprise Software (LogReceiver.exe) does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field.
By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the service will calculate an incorrect value for the “End of Current Record” field causing access violations that lead to a service crash. The service can be recovered with a manual reboot.
Rockwell Rslinx Enterprise Download
CVE-2013-2806 has been assigned to this vulnerability. A CVSS v2 base score of 7.8 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:N/A:C). End Update A Part 4 of 4 - VULNERABILITY DETAILS EXPLOITABILITY These vulnerabilities could be exploited remotely.
Rslinx Rockwell Software
EXISTENCE OF EXPLOIT No known public exploits specifically target these vulnerabilities. DIFFICULTY An attacker with a low skill would be able to exploit these vulnerabilities. MITIGATION Rockwell Automation’s recommendation to asset owners using FTSP or RSLinx CPR9 through CPR9-SR4 is to upgrade to CPR9-SR5 or newer. Rockwell Automation also recommends that all asset owners using FTSP or RSLinx CPR9-SR5 and newer should apply the correlating patch for the version they are using. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): In addition, asset owners can find security information for other Rockwell Automation products at the Security Advisory Index page link below (login is required): ICS‑CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.
Rockwell Rslinx Enterprise Download
Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet. Locate control system networks and remote devices behind firewalls, and isolate them from the business network. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPN is only as secure as the connected devices. ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT Web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with. ICS‑CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.
Additional mitigation guidance and recommended practices are publicly available in the ICS‑CERT Technical Information Paper, which is available for download from the ICS-CERT Web site. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS‑CERT for tracking and correlation against other incidents. CWE-190: Integer Overflow or Wraparound, Web site last accessed April 05, 2013. NVD, NIST uses this advisory to create the CVE Web site report. Web site last accessed October 07, 2013. CVSS Calculator, Web site last accessed October 07, 2013. NVD, NIST uses this advisory to create the CVE Web site report.
Web site last accessed October 07, 2013. CVSS Calculator, Web site last accessed October 07, 2013. CWE-703: Improper Check or Handling of Exceptional Conditions, Web site last accessed April 05, 2013. NVD, NIST uses this advisory to create the CVE Web site report.
Web site last accessed October 07, 2013. CVSS Calculator, Web site last accessed October 07, 2013. CWE-125: Out-of-bounds Read, Web site last accessed October 07, 2013. NVD, NIST uses this advisory to create the CVE Web site report. This Web site will be active sometime after publication of this advisory.
CVSS Calculator, Web site last accessed October 07, 2013. CWE-190: Integer Overflow or Wraparound, Web site last accessed October 07, 2013. NVD, NIST uses this advisory to create the CVE Web site report. This Web site will be active sometime after publication of this advisory. CVSS Calculator, Web site last accessed October 07, 2013.
CWE-190: Integer Overflow or Wraparound, Web site last accessed October 07, 2013. NVD, NIST uses this advisory to create the CVE Web site report. This Web site will be active sometime after publication of this advisory. CVSS Calculator, Web site last accessed October 07, 2013. Contact Information For any questions related to this report, please contact the NCCIC at: Email: Toll Free: 1-888-282-0870 For industrial control systems cybersecurity information: or incident reporting: The NCCIC continuously strives to improve its products and services.
Cisco redundant power system 2300 manual. Regulatory information for this product is in the front matter of this manual. The Cisco Redundant Power System 2300 Hardware Installation Guide. Cisco Redundant Power System 2300. Is backward compatible with switches and routers previously supported by the Cisco Redundant Power System 675.
You can help by choosing one of the links below to provide feedback about this product.