PN657 | Opening a corrupted FactoryTalk Diagnostics Viewer Configuration file (*.ftd) could cause arbitrary code execution

Introduction

Description

June 24, 2011 - Version 1.0

A vulnerability has been discovered in some specific versions of the FactoryTalk Diagnostics Viewer that could allow the execution of arbitrary code by opening a corrupted FactoryTalk Diagnostics Viewer Configuration file (*.ftd). This vulnerability would require some form of social engineering to convince a user of the FactoryTalk Diagnostics Viewer to open the corrupted (*.ftd) file.

The vulnerability has been confirmed to affect only the versions of the FactoryTalk Diagnostics Viewer v2.10.x (CPR9 SR2) and earlier.

Details of this vulnerability are as follows:

This issue is caused by a vulnerability in Microsoft’s ATL library code (MS09-035). Vendors were required to rebuild with the updated development tools and re-release their products in order to resolve this issue. This potential vulnerability has been confirmed to affect only the versions of the FactoryTalk Diagnostics Viewer v2.10.x (CPR9 SR2) and earlier. The FactoryTalk Diagnostics Viewer v2.30.00 (CPR9 SR3) and later utilize an updated version of Microsoft library code and does not exhibit this issue.

This vulnerability is not remotely exploitable. There are currently no known active exploits of this potential vulnerability.

To help reduce the likelihood of compromise and the associated security risk, Rockwell Automation recommends the following mitigation strategy:

Concerned customers should upgrade to FactoryTalk Diagnostics Viewer (CPR9 SR3) or greater. The FactoryTalk Diagnostics Viewer v2.30 is not available as a standalone installation package. It is included and installed as a part of the FactoryTalk Services Platform v2.30 (CPR9 SR3). Please reference AID 42682 - "Rockwell Automation Software Product Compatibility Matrix" to make sure you understand any dependencies and/or compatibility issues that may exist with installation of this version of the Services Platform.

For more information and for assistance with assessing the state of security of your existing controls system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/solutions/security.

KCS Status