The NCCIC has published an advisory on an improper input validation vulnerability in Rockwell Automation EtherNet/IP Web Server Modules. For 1756-EWEB (includes 1756-EWEBK), versions 5.001 and prior are affected. For CompactLogix 1768-EWEB, versions 2.005 and prior are affected. Successful exploitation of this vulnerability could allow a remote attacker to deny communication with Simple Network Management Protocol (SNMP) service. Rockwell Automation recommends that affected users disable the SNMP service if not in use. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!