CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence
Low
EPSS
Percentile
78.5%
This updated advisory is a follow-up to the Alert titled “ICS-ALERT-11-256-05A—Rockwell RSLogix Overflow Vulnerability” that was published September 13, 2011, on the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) web page.
ICS-CERT is aware of a public report of an overflow vulnerability in Rockwell Automation’s RSLogix application that could lead to a denial-of-service condition.
Rockwell has produced a patch that mitigates this vulnerability for all affected versions of FactoryTalk Services Platform and RSLogix 5000.
According to Rockwell Automation, the following products are affected:
Successful exploitation of this vulnerability could result in a denial-of-service.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.
Rockwell Automation provides industrial automation control and information products worldwide, across a wide range of industries.
RSLogix 5000 is a programming suite used to develop interfaces within the control system environment.
The FactoryTalk Services Platform is a collection of production and performance management systems.
A Read Access violation can occur when a specially crafted packet is sent to open ports running the
software. The open TCP ports are as follows:
CVE-2011-3489 has been assigned to this vulnerability in the National Vulnerability Database (NVD).http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3489, website last accessed September 30, 2011. A CVSS base score of 5.0 has been assigned.
This vulnerability is remotely exploitable.
Public exploits are known to target this vulnerability.
An attacker with a low skill level can create the denial-of-service.
Rockwell Automation recommends that concerned customers using FactoryTalk Services Platform Versions CPR9 and CPR9-SR1 through SR4 and customers using RSLogix versions V17, V18, and V19 apply patch AID 458689.
Customers using FactoryTalk Services Platform CPR7 and earlier, and RSLogix 5000 V16 and earlier, are not affected by this vulnerability.
For full patching instructions and additional information, refer to Rockwell Automation Security Advisory KB 456144.
ICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks.
The Control Systems Security Program (CSSP) also provides a section for control system security recommended practices on the CSSP web page. Several recommended practices are available for reading and download, including_ _Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
rockwellautomation.custhelp.com/app/answers/detail/a_id/456144
rockwellautomation.custhelp.com/app/answers/detail/a_id/458689
cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://www.cisa.gov/news-events/ics-advisories/icsa-11-273-03a
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Rockwell%20RSLogix%20Overflow%20Vulnerability%20%28Update%20A%29+https://www.cisa.gov/news-events/ics-advisories/icsa-11-273-03a
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-11-273-03a&title=Rockwell%20RSLogix%20Overflow%20Vulnerability%20%28Update%20A%29
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-11-273-03a
www.oig.dhs.gov/
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Rockwell%20RSLogix%20Overflow%20Vulnerability%20%28Update%20A%29&body=www.cisa.gov/news-events/ics-advisories/icsa-11-273-03a