← Back to home
ICSA-18-331-02  ·  Published 2018-12-20  ·  View on CISA ICS-CERT ↗

Rockwell Automation FactoryTalk Services Platform

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a remote attacker to diminish communications or cause a complete denial of service to the device.

CVEs (1)

Remediations

  • Rockwell Automation recommends that affected users update to the latest version of the application. The latest version can be found at the following link:https://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=FTSP&crumb=112For more information see Rockwell Automation security advisory 1074747.Rockwell Automation recommends the following practices to secure this and other control systems devices:
  • Run all software as user, not as an administrator, to minimize the impact of malicious code on the infected system.
  • Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.
  • Refer to 546987—Rockwell Automation Customer Hardening Guidelines for the latest published guidelines for PC hardening and software security.
  • Use of Microsoft AppLocker or other similar whitelisting application can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available here (login required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/546989
  • Ensure that the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum amount of rights as needed.
  • Use trusted software, software patches, and anti-virus/anti-malware programs.
  • Minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.
  • Locate control system networks and devices behind firewalls, and isolate them from the enterprise network.
  • When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices they are installed in.

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · FactoryTalk Services Platform <= 2.90

Affected Sectors

Food and Agriculture, Transportation Systems, andWater and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more