Rockwell Automation RSLinx Classic

Risk Summary

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target device.

CVEs (1)

Remediations

• Rockwell Automation has released patches to address earlier versions of RSLinx Classic including v3.60, v3.70, v3.80, v3.81, v3.90, v4.00.01, v4.10. These patches can be found at Knowledgebase Article ID: 1084828
• Rockwell Automation has also stated that users may disable Port 44818 in RSLinx Classic if it is not utilized during system operation. To disable Port 44818, go to Options in RSLinx Classic. Then in the General tab of the Options pop-up, uncheck the option “Accept UDP Messages on Ethernet Port”.
• Port 44818 is needed only when a user wants to utilize unsolicited messages. To check if you are using unsolicited messages, go to the “DDE/OPC” dropdown in RSLinx Classic. Select Topic Configuration and then go to the Data Collection tab in the Topic Configuration pop-up. If the “Unsolicited Messages” checkbox is marked, then Port 44818 is being used in the application.
• NOTE: In RSLinx Classic 4.10 or later, “Accept UDP Messages on Ethernet Port” checkbox is unchecked by default.
• For more information please see the Rockwell Automation security advisory

Affected Vendors

Affected Products (1)

Affected Sectors

Critical Manufacturing, Energy, Water and Wastewater Systems