Rockwell Automation Buffer Overflow Vulnerability

September 26, 2018 | Adeline Zhang

Rockwell Automation recently fixed a critical vulnerability (CVE-2018-14829) in RSLinx Classic, a software platform that allows Logix 5000 Programmable Automation Controllers to connect to a wide variety of Rockwell Software applications. By sending a malicious CIP packet to Port 44818, a remote attacker could make the device being accessed stop responding and crash. The same flaw could also be used to trigger a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.

CVSS v3 base score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Reference link: https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02

Affected versions

RSLinx Classic Versions <= 4.00.01

Unaffected versions

Refer to https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075712 (login is required)

Mitigations

Rockwell Automation has released a new version of the software that can be found at Rockwell Automation knowledgebase article KB 1075712 (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075712

Rockwell Automation also reports that users can disable Port 44818 if it is not utilized during system operation. For more details on how to disable the port and for Rockwell Automation’s general security guidelines, please visit knowledgebase article KB 1075747 (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075747
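
To decide which hosts to patch or restrict first, the affected version range and Port 44818 from this advisory can be turned into a small inventory triage. The following is an added example, not code from Rockwell Automation or the original post; it assumes version strings are dotted numbers such as "4.00.01", all function names are hypothetical, and the probe only completes a TCP handshake without sending any CIP data.

```python
import socket

CIP_PORT = 44818            # port named in the advisory
LAST_AFFECTED = (4, 0, 1)   # advisory: RSLinx Classic versions <= 4.00.01

def parse_version(text):
    """Turn a dotted version such as '4.00.01' into (4, 0, 1), padded to three fields."""
    parts = [int(p) for p in text.strip().split(".")]  # ValueError on non-numeric fields
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version_text):
    v = parse_version(version_text)
    # Pad the boundary so a four-field string like '4.00.01.0' still compares equal.
    return v <= LAST_AFFECTED + (0,) * (len(v) - 3)

def tcp_listening(host, port=CIP_PORT, timeout=2.0):
    """True if a TCP handshake to host:port succeeds; no payload is sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unresolvable name
        return False

def triage(inventory, probe=tcp_listening):
    """inventory: iterable of (host, version_text). Returns (host, finding), worst first."""
    rank = {"affected, port reachable": 0, "affected, port closed": 1,
            "unknown version": 2, "not in affected range": 3}
    results = []
    for host, version_text in inventory:
        try:
            affected = is_affected(version_text)
        except (ValueError, AttributeError):
            results.append((host, "unknown version"))  # needs manual check
            continue
        if not affected:
            results.append((host, "not in affected range"))
        elif probe(host):
            results.append((host, "affected, port reachable"))
        else:
            results.append((host, "affected, port closed"))
    return sorted(results, key=lambda r: rank[r[1]])

if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are placeholders, not real systems.
    sample = [("hmi-01.example", "4.00.01"), ("eng-ws-02.example", "4.10.00")]
    for host, finding in triage(sample):
        print(f"{host}: {finding}")
```

Run the probe from the network segment whose exposure matters: a port that is closed from the engineering VLAN may still be reachable from elsewhere.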