Talos experts disclosed unpatched DoS flaws in Allen-Bradley adapter

Cisco Talos found several remotely exploitable denial-of-service (DoS) vulnerabilities in a Rockwell Automation industrial automation product.

A researcher from Cisco Talos released technical details of several remotely exploitable denial-of-service (DoS) vulnerabilities in an industrial automation product made by Rockwell Automation.

The product affected by the flaw is the Allen-Bradley 1794-AENT Flex I/O series B adapter, the issue resides in the Ethernet/IP request path port/data/logical segment functionality.

Cisco Talos researcher has found five high-severity buffer overflow vulnerabilities that impact Allen-Bradley devices running versions 4.003 and earlier.

“The Allen-Bradley Flex input/output system contains multiple denial-of-service vulnerabilities in its ENIP request path data segment. These bugs exist specifically in the 1794-AENT FLEX I/O modular platform. It provides many I/O operations and servers as a smaller physical device compared to other similar hardware.” reads the Cisco Advisory.

An attacker could exploit the above vulnerabilities by sending a specially crafted, malicious packet to the vulnerable device, this will causing a loss of communication between the victim’s network and the device resulting in denial-of-service.

Talos reported the flaws to Rockwell Automation in February and for two times the vendor requested disclosure extensions. When Rockwell Automation requested a third extension, Talos decided to disclose the issues on October 12 regardless of whether or not the vendor has released security updates.

Rockwell Automation published a security advisory for its registered customers on October 12 that includes general recommendations to prevent attacks exploiting the above flaws.

The vendor recommends configuring the devices to accept CIP connections only from trusted sources on port 44818. The company also suggests implementing network segmentation and security controls to minimize exposure of affected devices. Other recommendations include the use of firewalls, VPNs and other network infrastructure controls.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Allen-Bradley)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.