Rockwell Automation Patches Buffer Overflow in ICS App

There is a stack buffer overflow in a Rockwell Automation application that’s used to enable communications in industrial control applications used in manufacturing, energy, water,and other environments.

The vulnerability is in the RSLinx Classic product and it can be used to crash the application or run arbitrary code. However, the bug is not exploitable remotely and there is some social engineering needed in order to exploit it. An advisory from ICS-CERT says that all versions prior to 3.73.00 are vulnerable to the bug.

“The affected product, RSLinx Classic, is used to enable communications for a variety of Rockwell Software applications used in industrial control systems. According to Rockwell Automation, the software is used across several sectors including Critical Manufacturing, Energy, Water and Wastewater Systems, and others. Rockwell Automation estimates that the product is used globally,” the advisory says.

“Social engineering is required to convince a user to introduce and load a uniquely crafted CSV file that could cause a buffer overflow that may allow an attacker to crash the application, requiring a restart, or to execute malicious code with the same or higher privileges as the authenticated user.”

The advisory says that no public exploits are known to exist for this vulnerability and that exploiting it would be difficult.

“This vulnerability is not exploitable remotely and cannot be exploited without user interaction. The exploit is only triggered when a local user runs the vulnerable application and loads the malformed CSV file,” the advisory says.

“Crafting a working exploit for this vulnerability would be difficult. Social engineering is required to convince the user to accept the malicious file. Additional user interaction is needed to load the malformed CSV file. This decreases the likelihood of a successful exploit.”

Suggested articles