Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers Stack-Based Buffer Overflow Vulnerability

A vulnerability in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted device.

The vulnerability is due to a stack-based buffer overflow condition in the affected devices. An attacker could exploit this vulnerability to execute arbitrary code on a targeted device. A successful exploit could cause the targeted device to stop functioning, resulting in a DoS condition.

Rockwell Automation has confirmed the vulnerability and released a firmware update.

CVE number: CVE-2017-16740
Analysis
To exploit this vulnerability, the attacker may need access to trusted, internal networks to monitor and intercept network communications. This access requirement reduces the likelihood of a successful exploit.
Safeguards

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators can help protect affected systems from external attacks by using a solid firewall strategy.

Administrators are advised to monitor affected systems.

Vendor Announcements
ICS-CERT has released a security advisory at the following link: ICSA-18-009-01
Fixed Software
Rockwell Automation has released a firmware update at the following link: Rockwell Automation Updates





Duncan is a technology professional with over 20 years' experience working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.
