Severity:
High
Advisory ID:
PN1516
Publication Date:
June 25, 2020
Last Updated:
June 25, 2020
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2020-14478
Summary
FactoryTalk Services Platform XXE Vulnerability
Revision History
Revision Number | Revision History |
1.0 | Version 1.0 - June 25, 2020. Initial Release. |
Executive Summary
Rockwell Automation received a report from researchers at Applied Risk regarding a vulnerability in versions of FactoryTalk® Services Platform which if successfully exploited, could lead to a denial-of-service (DoS) condition and to the arbitrary reading of any local file via system-level services.
Customers using affected versions of this software are encouraged to evaluate the mitigations provided below and apply the appropriate mitigations to their deployed products. Additional details relating to the discovered vulnerability, including affected products and recommended countermeasures, are provided herein.
Affected Products
FactoryTalk Services Platform, versions 6.11.00 and earlier.
Nearly all FactoryTalk® software ships with FactoryTalk Services Platform. If you are unsure if you have FactoryTalk Services Platform installed, please see QA5266 for additional details.
Vulnerability Details
CVE-2020-14478: Weakly Configured XML Parser
A local, authenticated attacker could use an XML External Entity (XXE) attack against a weakly configured XML parser to access local or remote content. A successful exploit could potentially cause a denial-of-service (DoS) condition and allow the attacker to arbitrarily read any local file via system-level services. The contents of that file could then be forwarded to the attacker.
CVSS v3.0 Base Score: 8.4/HIGH
CVSS v3.0 Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
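The weakness described above is a parser configuration issue, so the most useful thing to see is the weak configuration next to the hardened one, together with a self-test that an engineering team can run against any XML entry point to confirm it no longer resolves external entities. The following is an added example written for this advisory; it is not Rockwell Automation's or Applied Risk's code and says nothing about which parser FactoryTalk Services Platform actually uses. It uses Python's standard-library xml.sax parser as a stand-in, and all inputs (the canary file, the probe document, the `UnsafeXML` exception and the helper names) are constructed for the example.

```python
"""Added example (not Rockwell's code): a weakly configured SAX parser beside a
hardened one, plus a self-test that confirms an XML entry point does not
resolve external entities (the XXE condition the advisory describes)."""
import io
import os
import tempfile
import xml.sax
from xml.sax import handler
from xml.sax.handler import ContentHandler


class UnsafeXML(ValueError):
    """Raised by the hardened parser when a document carries a DOCTYPE."""


class _TextCollector(ContentHandler):
    """Collects character data so the caller can inspect what the parser produced."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts)


class _RejectDTD:
    """SAX lexical handler: any <!DOCTYPE ...> aborts the parse.
    Entity declarations can only appear in the DTD, so refusing the DTD removes
    both the external-entity (file read) and entity-expansion (DoS) surface."""

    def startDTD(self, name, public_id, system_id):
        raise UnsafeXML("DOCTYPE not allowed (name=%r, system_id=%r)" % (name, system_id))

    def endDTD(self):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def comment(self, content):
        pass


def parse_weak(xml_bytes: bytes) -> str:
    """The 'weakly configured' parser: external general entities are resolved,
    so a SYSTEM entity pointing at a local file is read into the document."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, True)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text()


def parse_hardened(xml_bytes: bytes) -> str:
    """Hardened parser: external entities disabled and any DTD rejected outright."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, False)
    parser.setFeature(handler.feature_external_pes, False)
    parser.setProperty(handler.property_lexical_handler, _RejectDTD())
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text()


def leaks_local_file(parse_fn) -> bool:
    """Self-test for a parser configuration.
    Writes a canary file, builds a document whose external entity points at it,
    and reports whether the parsed text contains the canary. The canary and the
    probe document are constructed for this check; nothing real is read."""
    canary = "constructed-canary-5d1e"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "canary.txt")
        with open(path, "w", encoding="utf-8") as f:
            f.write(canary)
        doc = (
            '<?xml version="1.0"?>\n'
            '<!DOCTYPE probe [ <!ENTITY ext SYSTEM "%s"> ]>\n'
            '<probe>&ext;</probe>' % path
        ).encode("utf-8")
        try:
            return canary in parse_fn(doc)
        except UnsafeXML:
            # The hardened parser refuses the DTD before any entity is resolved.
            return False


if __name__ == "__main__":
    print("weak parser leaks local file:", leaks_local_file(parse_weak))        # True
    print("hardened parser leaks local file:", leaks_local_file(parse_hardened))  # False
```

Run `leaks_local_file` against whatever parse function wraps the product's real XML entry point: a `True` result is the condition the advisory describes. Disabling external entities is the minimum fix; rejecting the DTD altogether, as `parse_hardened` does, also closes the internal-entity expansion path that produces the denial-of-service half of the finding.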
Risk Mitigation & User Action
Customers using the affected versions of FactoryTalk Services Platform are encouraged to update to an available software version that addresses the associated risk. Customers who are unable to update are directed towards risk mitigation strategies provided below and are encouraged, when possible, to combine these measures with the general security guidelines to employ multiple strategies simultaneously.
Product Family | Suggested Actions |
FactoryTalk Services Platform | Download patch for 6.11 (Download) |
General Security Guidelines
- Run all software as User, not as an Administrator, to minimize the impact of malicious code on the infected system.
- Use of Microsoft® AppLocker application or another similar whitelisting application can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at Knowledgebase Article ID QA17329.
- Ensure that the least-privileged user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum amount of rights as needed.
- Use trusted software, software patches, antivirus/antimalware programs and interact only with trusted web sites and attachments.
See our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.
Refer to the Network Services Overview Page for information on network and security services for Rockwell Automation to enable assessment, design, implementation and management of validated, secure network architectures.
We also recommend that concerned customers continue to monitor this advisory by subscribing to updates on the Security Advisory Index for Rockwell Automation, located at: PN1354 - Industrial Security Advisory Index.
Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions website.
Requests for additional information can be sent to the RASecure Inbox (rasecure@ra.rockwell.com).
Please direct all media inquiries to Kolve Byrd (KAByrd@ra.rockwell.com).
Copyright ©2022 Rockwell Automation, Inc.