Rockwell Automation RSLinx Classic Vulnerability
Low Risk | ICS-CERT ICSA-15-111-02 | Jan 22, 2015
Summary
RSLinx Classic versions prior to 3.73.00 contain a stack-based buffer overflow vulnerability. The affected versions have no patch available from Rockwell Automation. RSLinx Classic is used for configuration and communication with legacy Rockwell PLC platforms including CompactLogix and SLC 500 controllers.
What this means
What could happen
A stack-based buffer overflow in RSLinx Classic could allow an attacker with network access to crash the application or potentially execute arbitrary code on the engineering workstation where it runs.
Who's at risk
This vulnerability affects Rockwell Automation RSLinx Classic, which is used by engineering and automation technicians for configuring and communicating with PLCs, CompactLogix, SLC 500, and other legacy Rockwell controllers. Any organization still using RSLinx Classic for device programming, monitoring, or diagnostics should assess their exposure.
How it could be exploited
An attacker on the network sends a specially crafted packet to RSLinx Classic, triggering a stack buffer overflow. This could crash the application, disrupting communication with PLCs and other devices, or in the worst case allow code execution on the workstation used for device programming and configuration.
Prerequisites
- Network access to RSLinx Classic application port
- RSLinx Classic version prior to 3.73.00 running on the target workstation
no patch available; stack buffer overflow (CWE-121); affects engineering workstations critical to configuration and maintenance
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
RSLinx Classic | <3.73.00 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Isolate RSLinx Classic engineering workstations from untrusted networks using a firewall or network segmentation (DMZ, VLAN, or air-gap)
- HARDENING: Restrict network access to RSLinx Classic to only authorized engineering staff and control network segments
Mitigations - no patch available
RSLinx Classic <3.73.00 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Monitor RSLinx Classic for unexpected crashes or restarts that may indicate exploitation attempts
- HARDENING: Evaluate migration to modern Rockwell Automation software (e.g., Studio 5000, FactoryTalk) as RSLinx Classic is legacy and no patch will be available
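The crash-and-restart monitoring control can be run on the engineering workstation itself by querying the Windows event logs. This is an added example, not part of the advisory or any Rockwell Automation tooling; the match string `RSLinx`, the lookback window and the alert threshold are assumptions to adjust for the local installation.

```powershell
# Added example: reports RSLinx crashes and unexpected service stops from the
# local Windows event logs. Name pattern, window and threshold are assumptions.
param(
    [int]$LookbackHours = 24,
    [int]$BurstThreshold = 3,
    [string]$NamePattern = 'RSLinx'
)

$since = (Get-Date).AddHours(-$LookbackHours)

$filters = @(
    # Event 1000: a user-mode process faulted (the message names the faulting application).
    @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000; StartTime = $since },
    # Events 7031/7034: a Windows service terminated unexpectedly.
    @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7031, 7034; StartTime = $since }
)

$hits = foreach ($filter in $filters) {
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $NamePattern } |
        Select-Object TimeCreated, Id, ProviderName,
            @{ Name = 'Summary'; Expression = { ($_.Message -split '\r?\n')[0] } }
}
$hits = @($hits | Sort-Object TimeCreated)

if ($hits.Count -eq 0) {
    Write-Output "No '$NamePattern' crash or unexpected-stop events in the last $LookbackHours hours."
    return
}

# List every matching event, oldest first, so restarts can be lined up with other logs.
$hits | Format-Table -AutoSize -Wrap

# Repeated crashes in a short window are the pattern worth escalating.
if ($hits.Count -ge $BurstThreshold) {
    Write-Warning ("{0} events in {1} hours meets the threshold of {2}; review network traffic to this workstation for the same period." -f $hits.Count, $LookbackHours, $BurstThreshold)
}
```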
CVEs (1)