Vulnerability Spotlight: Denial-of-service vulnerability in Rockwell Automation RSLinx

 

Alexander Perez-Palma of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Cisco Talos recently discovered a denial-of-service vulnerability in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic. An attacker could exploit this vulnerability by sending the target a series of malicious packets. RSLinx Classic software is a communication server for the MicroLogix 1100 Programmable Controller. It helps plant devices communicate with other Rockwell server and client applications.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Rockwell Automation to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Rockwell Automation RSLinx classic ethernet/IP server denial-of-service vulnerability (TALOS-2020-1184/CVE-2020-13573)

A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information. 

Versions tested

Talos tested and confirmed that this vulnerability affects Rockwell Automation RSLinx Classic, version 2.57.00.14 CPR 9 SR 3.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 56208