ICS-CERT Advisory: ICSA-13-095-02: Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities
This advisory is from the Department of Homeland Security's Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), a part of the U.S. Computer Emergency Readiness Team (US-CERT). "Researcher Carsten Eiram of Risk Based Security has identified multiple input validation vulnerabilities in Rockwell Automation's FactoryTalk Services Platform (RNADiagnostics.dll) and RSLinx Enterprise Software (LogReceiver.exe and Logger.dll). Rockwell Automation has produced patches that mitigate these vulnerabilities, and released the patches April 5, 2013. Rockwell Automation has tested the patches to validate that they resolve the vulnerabilities. These vulnerabilities could be exploited remotely."
ICS-CERT Advisory No. 13-095-02; Industrial Control Systems-Cyber Emergency Response Team Advisory No. 13-095-02
U.S. Computer Emergency Readiness Team: http://www.us-cert.gov/