Release date:
Updated on:
Affected Systems:
Rockwell Automation RSLogix 5000
Description:
--------------------------------------------------------------------------------
Bugtraq id: 49608
RSLogix is a programming package for discrete, process, batch, motion, safety, and drive-based applications.
RSLogix has a remote denial-of-service (DoS) vulnerability in the implementation of RnaUtility.dll. Remote attackers can exploit this vulnerability to crash the application and deny service to legitimate users.
RnaUtility.dll does not correctly handle 32-bit fields in rna packets, resulting in a memset zero-fill overflow and an invalid read access.
<* Source: Luigi Auriemma (aluigi@pivx.com)
Link: http://aluigi.altervista.org/adv/rslogix_1-adv.txt
*>
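An added illustration of the bug class described above (not code from RnaUtility.dll or from the original advisory): a 32-bit field taken from a packet is used as a length without validation, shown next to a bounds-checked form. The 4-byte header layout, the buffer size and the function names are hypothetical and do not describe the real rna packet format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN  4    /* hypothetical: header is only the 32-bit field */
#define WORK_BUF 256  /* hypothetical fixed-size work buffer */

/* Read a little-endian 32-bit value without alignment assumptions. */
static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed pattern: the value from the wire is trusted as a length. */
int handle_unchecked(const uint8_t *pkt, size_t pkt_len, uint8_t *work) {
    uint32_t n = rd32le(pkt);        /* controlled by the sender */
    (void)pkt_len;                   /* never consulted: that is the bug */
    memset(work, 0, n);              /* zero-fills past WORK_BUF if n is large */
    memcpy(work, pkt + HDR_LEN, n);  /* reads past the received bytes */
    return 0;
}

/* Hardened: check the field against both bounds before any use.
 * Returns the payload length, or a negative code on rejection. */
int handle_checked(const uint8_t *pkt, size_t pkt_len,
                   uint8_t *work, size_t work_len) {
    if (pkt == NULL || work == NULL || pkt_len < HDR_LEN)
        return -1;                   /* truncated header */
    uint32_t n = rd32le(pkt);
    if (n > work_len)
        return -2;                   /* would overflow the destination */
    if (n > pkt_len - HDR_LEN)
        return -3;                   /* would read past received data */
    memset(work, 0, work_len);       /* length comes from the buffer, not the wire */
    memcpy(work, pkt + HDR_LEN, n);
    return (int)n;
}
```

The two rejected cases correspond to the two symptoms named in the description: an oversized zero-fill of the destination and a read beyond the data actually received.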
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
http://aluigi.org/poc/rslogix_1.zip
nc SERVER 4446 < rslogix_1a.dat
nc SERVER 4446 < rslogix_1b.dat
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Rockwell Automation
-------------------
The vendor has not yet released a patch or upgrade for this issue. Users of the software should check the vendor's homepage for the latest version:
http://www.rockwellautomation.com/