Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0052 ICSA-13-095-02 - Rockwell Automation Factorytalk and RSlinx - Multiple vulnerabilities 11 April 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Rockwell Automation Factorytalk & RSLinx Enterprise Operating System: Windows Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2012-4714 CVE-2012-4713 CVE-2012-4695 Member content until: Saturday, May 11 2013 OVERVIEW Multiple vulnerabilities have been identified in Rockwell's Automation Factorytalk. [1] A vulnerability has been identified in Rockwell's RSLinx Enterprise [1] Software. IMPACT ICS-CERT have stated the following: "The FactoryTalk Services Platform (RNADiagnostics.dll) does not validate input correctly and cannot allocate a negative integer. By sending a negative integer input to the service over Port 4445/UDP, an attacker could cause a DoS condition that prevents subsequent processing of connections. An attacker could possibly cause the RNADiagnostics.dll or RNADiagReceiver.exe service to terminate. CVE-2012-4713 has been assigned to this vulnerability. A CVSS v2 base score of 7.8 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:N/A:C)." [1] "The FactoryTalk Services Platform (RNADiagnostics.dll) does not handle input correctly and cannot allocate an over-sized integer. By sending an over-sized integer input to the service over Port 4445/UDP, an attacker could cause a DoS condition that prevents subsequent processing of connections. An attacker could possibly cause the service to terminate. CVE-2012-4714 has been assigned to this vulnerability. A CVSS v2 base score of 7.8 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:N/A:C)." [1] "The RSLinx Enterprise Software (LogReceiver.exe and Logger.dll) does not handle input correctly and results in a logic error if it receives a zero byte datagram. If an attacker sends a datagram of zero byte size to the receiver over Port 4444/UDP (user-configurable, not enabled by default), the attacker would cause a DoS condition where the service silently ignores further incoming requests. CVE-2012-4695 has been assigned to this vulnerability. A CVSS v2 base score of 7.8 has been assigned; the CVSS vector string is (AV:N/AC:L/Au:N/C:N/I:N/A:C)." [1] MITIGATION The vendor has released patches to correct these vulnerabilities which are available from: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 REFERENCES [1] ICSA-13-095-02 ROCKWELL AUTOMATION FACTORYTALK AND RSLINX MULTIPLE VULNERABILITIES http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUWZUT+4yVqjM2NGpAQK4zQ/9Gd9pM29/tIy8mCE+jar8HeCnRZNOXKNX mX26iqCMB40MgHm6YNMakZLvD4zKnZYyLGHbjpr0S3X9P3Iu92SrtIDZgn9O4I5Z ET1KDzkEMteSFesMtLp+ofZs7gh2m+xwa4gceBEVuFMTUO7ZWnVjokxM+VjxPnHf h794uuuMnMHnbPTZlmOENCZojY8HnRt/k2gjga5o33r3tuv25sCiOwNSb6MsieD6 CH6cRfdRHn44eW6b+vFfwla2z48d6a0BQc7RrsmnBnJaKNinwjPhB9XalLsCJMvu C1QF0LAePHQSuKkF+aMcu50vYN2FVCVYbiDB34EVQYJmgQEBBHeuMR0OS2b6BO6j yaLN0Y0fDoLenGg5yblhY4OznuM1cNq/y3g24Iw6Qs7xa4lC8PTjyT2qx+C6Gech zKgIa1LdBgwVlUtF5lbsc6HUXknaWPFjC6Z/FHbBPCQCbED3Xq6qexcTC88m2mdU /+0VRUow8yAFqNmY7EVS8BSjxDktTVL3lFM/jTS6Aw68koPhwDqQxzphgg5RGpSz wb7L420hq4t2Ge6hWB2ttNc8uC5t7u0meSTEzTZftUfSSCo/LRFKY3TM38ek1ez4 04HaT7UwybInytVx+Av2t4E3JYiBQgKUzC+RrNOP2hBgYJgZg0N4DLYhpX+mBts4 R9GhXFTRCkY= =2pNJ -----END PGP SIGNATURE-----