You are here

Rockwell Automation RSLogix 500 and RSLogix Micro File Parser Buffer Overflow Vulnerability (Update A) (ICSA-16-224-02A) – Product Used in Water and Wastewater Sector – Updated February 16, 2017

Rockwell Automation RSLogix 500 and RSLogix Micro File Parser Buffer Overflow Vulnerability (Update A) (ICSA-16-224-02A) – Product Used in Water and Wastewater Sector – Updated February 16, 2017

Created: Thursday, February 16, 2017 - 00:00
Categories:
Cybersecurity, Federal & State Resources

February 16, 2017

ICS-CERT has updated an advisory on a Rockwell Automation RSLogix 500 and RSLogix Micro file parser buffer overflow vulnerability. A security researcher has identified a parser buffer overflow vulnerability in Rockwell Automation’s RSLogix Starter Lite. Rockwell Automation investigated the matter and found that it also affected RSLogix 500 and other versions of RSLogix Micro. Rockwell Automation has released a new version of software, v11.00.00, which resolves the vulnerability. ICS-CERT.

September 15, 2016

ICS-CERT has posted an advisory on a parser buffer overflow vulnerability in Rockwell Automation’s RSLogix Starter Lite. Rockwell Automation investigated the matter and found that it also affected RSLogix 500 and other versions of RSLogix Micro. Rockwell Automation has produced a patch to mitigate this vulnerability in Version 8.40.00. A successful attack may potentially allow malicious code to execute on the target computer at the same privilege level as the logged-in user. These products are design and configuration software used with certain Rockwell Automation products. They are deployed worldwide across sectors including water and wastewater systems. ICS-CERT.