OTPulse
FeedAboutContact

Rockwell Automation FactoryTalk Transaction Manager

Plan Patch7.5ICS-CERT ICSA-23-164-04Jun 13, 2023
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

FactoryTalk Transaction Manager versions 13.10 and earlier contain a resource exhaustion vulnerability (CWE-400) that allows remote attackers to cause the application to crash or enter a high CPU/memory usage state, forcing manual restart and disrupting transaction logging and processing. The vulnerability is remotely exploitable with no authentication required and low attack complexity.

What this means
What could happen
An attacker could remotely crash the FactoryTalk Transaction Manager application or cause it to consume excessive CPU/memory, forcing an operator to manually restart the application and disrupting transaction processing and logging functions in the manufacturing operation.
Who's at risk
Manufacturing plants and process control facilities running FactoryTalk Transaction Manager (Rockwell Automation) for transaction logging and data management. Affects any organization using this application for manufacturing execution systems (MES) or production data archival.
How it could be exploited
An attacker on the network sends a crafted request to the FactoryTalk Transaction Manager (listening on the network). The application fails to properly validate or rate-limit the input, consuming resources and becoming unresponsive. No authentication is required to trigger the condition.
Prerequisites
  • Network access to FactoryTalk Transaction Manager service port
  • No authentication required
remotely exploitableno authentication requiredlow complexityaffects availability of production logging systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
FactoryTalk Transaction Manager: <= 13.10≤ 13.1013.00 Security Patch or v13.10 Security Patch
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict network access to FactoryTalk Transaction Manager; ensure it is not reachable from the Internet or untrusted networks
HARDENINGPlace FactoryTalk Transaction Manager behind a firewall and isolate it from the business network
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXInstall v13.00 Security Patch or v13.10 Security Patch for FactoryTalk Transaction Manager
Long-term hardening
0/1
HARDENINGIf remote access is required, use a VPN with current security patches
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/065920cb-8ef8-45f3-a505-6855cdd3c9fc
Rockwell Automation FactoryTalk Transaction Manager | CVSS 7.5 - OTPulse