OTPulse
FeedAboutContact

Rockwell Automation FactoryTalk Linx

Plan Patch8.2ICS-CERT ICSA-23-290-02Oct 17, 2023
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

FactoryTalk Linx versions 6.20 and earlier contain an input validation vulnerability that could allow an unauthenticated remote attacker to cause information disclosure or denial of service. An attacker could send a malformed network request to the application, leading to either sensitive data leakage from the process or a crash that renders the system unavailable for monitoring and control operations.

What this means
What could happen
An attacker could extract sensitive information from FactoryTalk Linx or cause it to become unavailable, disrupting visualization and monitoring of production processes.
Who's at risk
Manufacturing operations using Rockwell Automation FactoryTalk Linx as a control system HMI or data aggregation platform. This includes automotive, food and beverage, pharmaceutical, and chemical processing facilities that rely on FactoryTalk for real-time monitoring and production control visibility.
How it could be exploited
An attacker sends a specially crafted network request to FactoryTalk Linx without authentication. The server fails to properly validate the input, allowing the attacker to either read memory containing sensitive data or trigger a crash that stops the application.
Prerequisites
  • Network access to FactoryTalk Linx (typically port 2222 or web interface port)
  • No credentials required
  • Attacker must know the target is running a vulnerable version
Remotely exploitableNo authentication requiredLow complexity attackNo patch available for affected versionsHigh availability impact (denial of service)
Exploitability
Moderate exploit probability (EPSS 2.5%)
Affected products (1)
ProductAffected VersionsFix Status
FactoryTalk Linx: <=6.20≤ 6.20No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGIsolate FactoryTalk Linx systems behind a firewall and restrict network access to only authorized engineering workstations and HMI clients
WORKAROUNDDisable remote access to FactoryTalk Linx unless absolutely required; if needed, use a VPN with current security updates
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade FactoryTalk Linx to a patched firmware version released by Rockwell Automation
Mitigations - no patch available
0/1
FactoryTalk Linx: <=6.20 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network segmentation to separate FactoryTalk Linx from business networks and internet-facing systems
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/3c9ea500-65bc-4dcb-a4ca-e3208586c688
Rockwell Automation FactoryTalk Linx | CVSS 8.2 - OTPulse