Rockwell Automation 1756-EWEB <= 5.001 and 1768-EWEB <= 2.005 SNMP Denial of Service

high Nessus Network Monitor Plugin ID 720156
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected product is restarted.

Description

An unauthenticated, remote threat actor could send a crafted UDP packet to the affected product's SNMP service. This can be a zero length SNMP packet (to recreate use: hping3 -2 -p 161). Improper handling of this crafted packet could result in a denial of service for SNMP; port 161 stops receiving messages until the device is power-cycled. The web UI may show that the service is running even if it is not available. The control functionality of the device is unaffected.

Solution

Disable the SNMP service if not in use.

See Also

https://www.tenable.com/security/research/tra-2019-06,https://ics-cert.us-cert.gov/advisories/ICSA-19-036-02,https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1084268

Plugin Details

Severity: High

ID: 720156

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2/5/2019

Vulnerability Publication Date: 2/5/2019

Reference Information

CVE: CVE-2018-19016