Rockwell Automation EDS Subsystem

CVSS 8.2 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could lead to a denial-of-service condition.

CVE-2020-12038 CVE-2020-12034

Apply patch by following the instructions in knowledgebase article RAid 1125928 (login required).
Block all traffic to EtherNet/IP or other CIP protocol-based devices from outside the manufacturing zone by blocking or restricting access to TCP Ports 2222, 7153 and UDP Port 44818 using proper network infrastructure controls, such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell Automation products, see Knowledgebase Article ID 898270
Locate control system networks and devices behind firewalls and isolate them from the business network.
When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

Rockwell Automation

Rockwell Automation · RSNetWorx software <= 28.00.00

Rockwell Automation · FactoryTalk Linx software (Previously called RSLinx Enterprise) 6.00 | 6.10 | 6.11

Rockwell Automation · Studio 5000 Logix Designer software <= 32

Rockwell Automation · RSLinx Classic <= 4.11.00

Critical Manufacturing, Energy, Water and Wastewater Systems

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.