Rewterz

Rewterz Threat Alert – (TA416) Using Golang PlugX Malware Loader

November 25, 2020
Rewterz

Rewterz Threat Alert – APT-C-23 aka AridViper Active Again

November 25, 2020

Rewterz Threat Advisory – ICS: Rockwell Automation FactoryTalk Linx

Severity

High

Analysis Summary

CVE-2020-27253 

A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.

CVE-2020-27251

A heap overflow vulnerability exists within FactoryTalk Linx. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution. 

CVE-2020-27255 

A heap overflow vulnerability exists within FactoryTalk Linx. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).

Impact

  • Denial of service
  • Remote code execution
  • Information disclosure

Affected Vendors

Rockwell Automation

Affected Products

FactoryTalk Linx: Version 6.11 and prior

Remediation

Rockwell Automation recommends users of the affected FactoryTalk Linx update to a fixed version.

FactoryTalk Linx v6.10/6.11

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.