ICSA-18-263-02 · Published 2018-09-20 · View on CISA ICS-CERT ↗

Rockwell Automation RSLinx Classic

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could crash the device being accessed or allow arbitrary code execution on the device.

CVE-2018-14829 CVE-2018-14821 CVE-2018-14827

Rockwell Automation has released a new version of the software that can found at Rockwell Automation knowledgebase article KB 1075712
Rockwell Automation also reports that users can disable Port 44818 if it is not utilized during system operation. For more details on how to disable the port and for Rockwell Automation's general security guidelines, please visit knowledgebase article KB 1075747 (login is required)
Please see Rockwell Automation's industrial security advisory at the following location on their website for further details (login is required)

Rockwell Automation

Rockwell Automation · RSLinx Classic <= 4.00.01

Critical Manufacturing, Energy, Water and Wastewater Systems

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.