Rockwell Automation RSLinx Classic <= 4.00.01 Malformed CIP Packet Termination (deprecated)

high Nessus Network Monitor Plugin ID 720182

Synopsis

Rockwell Automation RSLinx Classic allows a malformed CIP packet to cause application termination.

Description

Rockwell Automation RSLinx Classic versions 4.00.01 and prior are affected. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to regain functionality.

Solution

Perform vendor-recommended mitigations and apply available vendor upgrades.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02

https://www.tenable.com/security/research/tra-2018-26

Plugin Details

Severity: High

ID: 720182

Family: SCADA

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference Information

CVE: CVE-2018-14821