Rockwell Automation, one of the top industrial automation companies in the world, patched a major security vulnerability in its popular software package RSLinx Classic. The software helps configure and communicate with industrial automation devices and networks.
Researchers at Tenable had earlier found that RSLinx Classic contained a stack buffer overflow flaw due to a DLL file used by the software. This could have allowed a remote attacker to execute arbitrary code on the automation device.
Worth noting
How to protect your devices?
Rockwell Automation, as well as ICS-CERT have released security advisories emphasizing the severity of the flaw. The advisories highlight how the buffer overflow flaw could also be avoided by disabling the target port.
“Port 44818 is needed only when a user wants to utilize unsolicited messages. To check if you are using unsolicited messages, go to the 'DDE/OPC' dropdown in RSLinx Classic. Select Topic Configuration and then go to the Data Collection tab in the Topic Configuration pop-up. If the 'Unsolicited Messages' checkbox is marked, then Port 44818 is being used in the application,” read the ICS-CERT advisory.
Therefore, RSLinx Classic users are advised to make sure industrial devices are not accessible from the Internet to minimize the risk of being remotely attacked due to the vulnerability.
Publisher