Severity: Critical
Advisory ID: PN1525
Published Date: July 30, 2020
Last Updated: July 30, 2020
Revision Number: 1.0
Known Exploited Vulnerability (KEV): No
Corrected: No
Workaround: No
CVE IDs: CVE-2020-14516
Summary
FactoryTalk Services Platform Improper User Password Hashing
Revision History
Version 1.0 - July 30, 2020. Initial Release.
Executive Summary
A vulnerability exists in FactoryTalk® Services Platform that prevents user passwords from being hashed properly. This vulnerability, if successfully exploited, may allow attackers to access and modify configuration and application data. This vulnerability only impacts native FactoryTalk Security users, not Windows® linked users.
Customers using affected versions of this software are encouraged to evaluate the mitigations provided below and apply the appropriate mitigations to their deployed products. Additional details relating to the discovered vulnerability, including affected products and recommended countermeasures, are provided herein.
Affected Products
FactoryTalk Services Platform, versions 6.10.00 and 6.11.00.
Nearly all FactoryTalk software ships with FactoryTalk Services Platform. If you are unsure if you have FactoryTalk Services Platform installed, please see Knowledgebase QA5266 for additional details.
Vulnerability Details
CVE-2020-14516: Improper Implementation of Hashing Algorithm for User Passwords
The implementation of the SHA-256 hashing algorithm in FactoryTalk Services Platform 6.10 and 6.11 has an issue that prevents the user password from being hashed properly. A successful exploit could allow a remote, unauthenticated attacker to create new users in the FactoryTalk Services Platform administration console. Such a new user would allow the attacker to modify or delete configuration and application data in other FactoryTalk software connected to FactoryTalk Services Platform.
CVSS v3.0 Base Score: 10.0/CRITICAL
CVSS v3.0 Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Risk Mitigation & User Action
Customers using the affected versions of FactoryTalk Services Platform are encouraged to update to an available software version that addresses the associated risk. Customers who are unable to update are directed towards risk mitigation strategies provided below and are encouraged, when possible, to combine these measures with the general security guidelines to employ multiple strategies simultaneously.
Product Family | Suggested Actions |
FactoryTalk Services Platform | Follow the guidance provided in Knowledgebase Article ID: BF10207 in order to patch. |
General Security Guidelines
- Run all software as User, not as an Administrator, to minimize the impact of malicious code on the infected system.
- Using Microsoft® AppLocker or a similar whitelisting application can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at Knowledgebase Article ID QA17329.
- Ensure that the least-privileged user principle is followed, and that user/service account access to shared resources (such as a database) is granted with only the minimum rights needed.
- Use trusted software, software patches, antivirus/antimalware programs and interact only with trusted websites and attachments.
See our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.
Refer to the Network Services Overview Page for information on network and security services for Rockwell Automation to enable assessment, design, implementation and management of validated, secure network architectures.
We also recommend that concerned customers continue to monitor this advisory by subscribing to updates on the Security Advisory Index for Rockwell Automation at PN1354 - Industrial Security Advisory Index.
Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions website.
Requests for additional information can be sent to the RASecure Inbox (rasecure@ra.rockwell.com).
Please direct all media inquiries to Kolve Byrd (KAByrd@ra.rockwell.com).
Copyright ©2022 Rockwell Automation, Inc.