ABSTRACT

ICS-CERT Advisory: ICSA-13-095-02: Rockwell Automation FactoryTalk and RSLinx Multiple Vulnerabilities   [open pdf - 77KB]

This advisory is from the Department of Homeland Security's Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), a part of the U.S. Computer Emergency Readiness Team (US-CERT). "Researcher Carsten Eiram of Risk Based Security has identified multiple input validation vulnerabilities in Rockwell Automation's FactoryTalk Services Platform (RNADiagnostics.dll) and RSLinx Enterprise Software (LogReceiver.exe and Logger.dll). Rockwell Automation has produced patches that mitigate these vulnerabilities, and released the patches April 5, 2013. Rockwell Automation has tested the patches to validate that they resolve the vulnerabilities. These vulnerabilities could be exploited remotely."

Report Number:
ICS-CERT Advisory No. 13-095-02; Industrial Controls System-Cyber Emergency Response Team Advisory No. 13-095-02
Publisher:
Date:
2013-04-05
Copyright:
Public Domain
Retrieved From:
U.S. Computer Emergency Readiness Team: http://www.us-cert.gov/
Format:
pdf
Media Type:
application/pdf
URL:
Help with citations