Control System: Rockwell Automation Logix5000 Controller Vulnerability

Number: AV17-002
Date: 10 January 2017

Purpose

The purpose of this advisory is to bring attention to a critical vulnerability affecting Rockwell Automation's Logix5000 Controller product line.

Assessment

Rockwell Automation's Logix5000 Controller product line consists of industrial control system devices leveraging Logix5000 control software. The Logix5000 Controller product line is used in a variety of industrial applications and sectors, including but not limited to: agriculture/food, manufacturing and water/wastewater systems.

Successful exploitation of this critical vulnerability could potentially allow a remote attacker to cause denial of service conditions or execute arbitrary code.

Affected Logix5000 Controller devices include those utilizing firmware versions FRN 16.00 - 21.00 (specific details can be found in ICS-CERT's advisory).

CVE Reference: CVE-2016-9343

Suggested action

CCIRC recommends that owner/operators test and deploy the vendor released updates or workarounds to affected platforms accordingly.

References

ICS-CERT: ICSA-16-343-05 - Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability:
https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05

Rockwell Automation Firmware Downloads:
http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: