CVE-2020-27251 Rockwell Automation FactoryTalk Linx (RCE)
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
1.1 Vulnerability Summary
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.
1.2 CVSS Score
The CVSS base score of this vulnerability is 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1.3 Affected Version
FactoryTalk Linx Version 6.11 and earlier versions.
1.4 Vulnerability Attribution
This vulnerability was reported by Sharon Brizinov of Claroty.
1.5 Risk Impact
FactoryTalk® software is built to support an ecosystem of advanced industrial applications, including IoT. It all starts at the edge where manufacturing happens and scales from on-premises to cloud. Imagine supercharging your industrial environment with software that offers cutting-edge design, maximizes operational efficiencies, and delivers predictive and augmented maintenance advantages. Valley Queen, one of the largest cheese producers in South Dakota and the largest employer in Milbank, uses FactoryTalk. Valley Queen procures milk from roughly 40 area farms, which enables the production of 500,000 pounds of cheese per day.
An attacker exploiting this vulnerability would be able to plant a backdoor or sabotage the entire cheese production. A public domain exploit is not yet available.
1.6 Virsec Security Platform (VSP) Support:
The Virsec Security Platform (VSP)-Memory monitors stack-based buffer overflows and will prevent any attempt by an attacker to exploit this type of vulnerability.
VSP-Host monitors spawned processes that are not part of a set of whitelisted processes. Any attempt to execute a new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.