← Back to home
ICSA-18-102-02  ·  Published 2018-05-31  ·  View on CISA ICS-CERT ↗

Rockwell Automation FactoryTalk Activation Manager (Update B)

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow a remote attacker to access sensitive information, rewrite content, or cause a buffer overflow that could result in remote code execution.

CVEs (2)

Remediations

  • Rockwell Automation recommends users with affected versions of CodeMeter and/or FlexNet Publisher that were installed with FactoryTalk Activation Manager to update Factory Talk Activation Manager to v4.02. If unable to update FactoryTalk Activation Manager to v4.02, update CodeMeter to a compatible version of CodeMeter that is compatible with FactoryTalk Activation Manager.
  • Rockwell Automation also encourages users to combine the updates above with these general security guidelines to employ multiple strategies simultaneously.
  • Block all traffic to EtherNet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by blocking or restricting access to Port 2222/TCP and UDP and Port 44818/TCP and UDP, using proper network infrastructure controls, such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell Automation Products, see Knowledgebase Article ID 898270 available at: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/898270/page/1 (Login required).
  • Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
  • Locate control system networks and devices behind firewalls and isolate them from the business network.
  • When remote access is required, use secure methods such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. VPN is only as secure as the connected devices.
  • For more information about these vulnerabilities and the recommended mitigations, please see Rockwell Automation Knowledgebase Advisory 1073133 available at:

Affected Vendors

Rockwell Automation

Affected Products (2)

Rockwell Automation · FactoryTalk Activation Manager <= 4.00
Rockwell Automation · FactoryTalk Activation Manager 4.00 | 4.01

Affected Sectors

Chemical, Critical Manufacturing, Food and Agriculture, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more