CERT-In Vulnerability Note
Rockwell Automation Products Multiple Vulnerabilities
Original Issue Date: May 16, 2018
Severity Rating: HIGH
- FactoryTalk Activation Manager v4.00 and v4.01
  - Ships with Wibu-Systems CodeMeter v6.50b and prior
- FactoryTalk Activation Manager v4.00 and prior
  - Ships with FlexNet Publisher v184.108.40.206 and prior
- Arena versions 15.10.00 and prior
Multiple vulnerabilities have been reported in Rockwell Automation FactoryTalk Activation Manager and Arena which could allow a remote attacker to access sensitive information, rewrite content, or cause a buffer overflow and remote code execution.
1. Cross Site Scripting Vulnerability
This vulnerability exists in certain versions of Wibu-Systems CodeMeter. An attacker could exploit this vulnerability by injecting arbitrary web script or HTML via a specific field in a configuration file.
Successful exploitation of this vulnerability could allow an attacker to access sensitive information or rewrite the content of the HTML page.
Note: User interaction is required to exploit this vulnerability as the target must visit a malicious page or open a malicious file.
2. Buffer Overflow Vulnerability
This vulnerability exists in the license server manager in FlexNet Publisher due to improper bounds checking on incoming data by a custom string copying function. An attacker could exploit this vulnerability by sending specially crafted messages.
Successful exploitation of this vulnerability could allow an attacker to cause a buffer overflow and execute arbitrary code.
3. Denial of Service Vulnerability
A use-after-free vulnerability exists in Rockwell Automation Arena which could be exploited by an attacker by convincing the targeted user to open a specially crafted file. Successful exploitation of this vulnerability could allow an attacker to cause the software application to crash, resulting in loss of any unsaved data.
- Block all traffic to EtherNet/IP or other CIP protocol-based devices from outside the Manufacturing Zone.
- Restrict access to Port 2222/TCP and UDP and Port 44818/TCP and UDP.
- Locate control system networks and devices behind firewalls and isolate them from the business network.
- Use secure methods such as Virtual Private Networks (VPNs) for remote access.
- Update Automation Manager to version 4.02.
- Update to the latest version of Arena software, v15.10.01 or later.
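The port restrictions listed above can be checked against firewall flow logs. The following is an added example, not part of the CERT-In note: it flags allowed flows to 2222 or 44818 (TCP or UDP) that enter the Manufacturing Zone from outside it. The zone range 10.20.0.0/16, the CSV log layout and the sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Assumption: the Manufacturing Zone address range (site-specific; replace it).
MANUFACTURING_ZONE = [ipaddress.ip_network("10.20.0.0/16")]
# Ports named in the note, each over both TCP and UDP.
RESTRICTED = {(proto, port) for proto in ("tcp", "udp") for port in (2222, 44818)}

# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = """\
src,dst,proto,dport,action
10.20.1.15,10.20.4.8,tcp,44818,allow
192.168.50.7,10.20.4.8,tcp,44818,allow
192.168.50.7,10.20.4.8,udp,2222,deny
203.0.113.9,10.20.4.9,UDP,44818,allow
10.20.3.2,10.20.4.9,tcp,502,allow
192.168.50.7,10.20.4.8,tcp,443,allow
not-an-ip,10.20.4.8,tcp,2222,allow
"""

def in_zone(addr):
    """True if addr lies inside any Manufacturing Zone network."""
    return any(addr in net for net in MANUFACTURING_ZONE)

def audit_flows(text):
    """Return (violations, malformed) for a CSV flow log.

    A violation is an allowed flow to a restricted port whose destination is
    inside the zone and whose source is outside it. Unparseable records are
    returned separately so they are reviewed rather than assumed compliant.
    """
    violations, malformed = [], []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            src = ipaddress.ip_address(row["src"].strip())
            dst = ipaddress.ip_address(row["dst"].strip())
            key = (row["proto"].strip().lower(), int(row["dport"]))
            allowed = row["action"].strip().lower() == "allow"
        except (ValueError, KeyError, AttributeError, TypeError):
            malformed.append(row)
            continue
        if allowed and key in RESTRICTED and in_zone(dst) and not in_zone(src):
            violations.append((str(src), str(dst), key[0], key[1]))
    return violations, malformed

if __name__ == "__main__":
    hits, bad = audit_flows(SAMPLE_FLOWS)
    for src, dst, proto, port in hits:
        print(f"VIOLATION {src} -> {dst} {proto}/{port} allowed from outside the zone")
    print(f"{len(bad)} malformed record(s) need manual review")
```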
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003