Rockwell Automation FactoryTalk Edge Gateway
Plan Patch
7.1
ICS-CERT ICSA-23-164-03
Jun 13, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
FactoryTalk Edge Gateway versions prior to 1.4 are vulnerable to a buffer over-read (CWE-125) that can be triggered by a local user, causing the application to crash and resulting in loss of data collection and monitoring. The vulnerability requires local code execution and cannot be exploited remotely.
What this means
What could happen
A local user can crash FactoryTalk Edge Gateway, disrupting data collection and monitoring for connected industrial devices and potentially preventing real-time alerts on process abnormalities.
Who's at risk
Water utilities and electric utilities using Rockwell Automation FactoryTalk Edge Gateway v1.3 to collect SCADA data from field devices and remote monitoring points should prioritize this update. The vulnerability primarily affects infrastructure that depends on continuous data aggregation and process monitoring.
How it could be exploited
An attacker with local access to the Edge Gateway system can trigger a buffer over-read condition that causes the application to crash. This requires physical access or compromised local user credentials on the gateway device itself.
Prerequisites
- Local user account on the FactoryTalk Edge Gateway system
- Local code execution capability (no remote exploitation possible)
Tags:
- local access required
- causes denial of service
- affects monitoring/alerting capability
- low EPSS score suggests exploitation unlikely without local access
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
FactoryTalk Edge Gateway: v1.3 | v1.3 | 1.4
Remediation & Mitigation
Do now
HARDENING: Restrict local access to Edge Gateway systems to authorized personnel only; limit interactive logins and service accounts
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update FactoryTalk Edge Gateway to version 1.4 or later
Long-term hardening
HARDENING: Isolate Edge Gateway devices on a separate industrial control network behind firewalls; prevent direct access from business networks and the Internet
CVEs (1)