Severity:
High,
Medium
Advisory ID:
PN1551
公開日:
March 04, 2021
最終更新日:
March 04, 2021
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
いいえ
Corrected:
いいえ
Workaround:
いいえ
CVE IDs
CVE-2020-14504,
CVE-2020-14502
概要
1734-AENTR Series B and Series C Contains Multiple Web Vulnerabilities
Revision History
Revision Number
1.0
Revision History
Version 1.0 – March 4, 2021. Initial Release.
Executive Summary
Rockwell Automation received a report from Adam Eliot of the Loon Security Team regarding two vulnerabilities in the web interface of the 1734-AENTR Series B and Series C communications module. If successfully exploited, these vulnerabilities may lead to data modification on the device.
Customers using affected versions of this firmware are encouraged to evaluate the mitigations provided below and apply the appropriate mitigations to their deployed products. Additional details relating to the discovered vulnerability, including affected products and recommended countermeasures, are provided herein.
Customers using affected versions of this firmware are encouraged to evaluate the mitigations provided below and apply the appropriate mitigations to their deployed products. Additional details relating to the discovered vulnerability, including affected products and recommended countermeasures, are provided herein.
Affected Products
1734-AENTR Series B, versions 4.001 to 4.005, and 5.011 to 5.01.
1734-AENTR Series C, versions 6.011 and 6.012.
1734-AENTR Series C, versions 6.011 and 6.012.
Vulnerability Details
CVE-2020-14504: Unauthenticated HTTP POST Requests
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request which may allow for modification of the configuration settings.
CVSSv3.1 Base Score: 7.5/10 [HIGH]
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2020-14502: Stored Cross Site Scripting (XXS)
The web interface of the 1734-AENTR Communications module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the “Home” page of the web interface.
CVSS v3.1 Base Score: 4.7/10 [MEDIUM]
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request which may allow for modification of the configuration settings.
CVSSv3.1 Base Score: 7.5/10 [HIGH]
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2020-14502: Stored Cross Site Scripting (XXS)
The web interface of the 1734-AENTR Communications module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the “Home” page of the web interface.
CVSS v3.1 Base Score: 4.7/10 [MEDIUM]
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Risk Mitigation & User Action
Customers using the affected 1734-AENTR Series B and Series C are encouraged to update to an available firmware version that addresses the associated risk. Customers who are unable to update are directed towards risk mitigation strategies provided below, and are encouraged, when possible, to combine these with the general security guidelines to employ multiple strategies simultaneously.
Vulnerability Details | Recommended User Actions |
CVE-2020-14504 CVE-2020-14502 | 1734-AENTR Series B, update to firmware version 5.018. (Download). 1734-AENTR Series C, update to firmware version 6.013. (Download). |
General Security Guidelines
Network-based Vulnerability Mitigations for Embedded Products
General Mitigations
For further information on the Vulnerability Handling Process for Rockwell Automation, please refer to our Product Security Incident Response FAQ document.
Refer to our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.
See the Network Services Overview Page for information on network and security services for Rockwell Automation to enable assessment, design, implementation and management of validated, secure network architectures.
We also recommend that concerned customers continue to monitor this advisory by subscribing to PSA/PN/Security Notifications. This can be done by updating settings in Account Overview within the KnoweldgeBase.
Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site.
- Utilize proper network infrastructure controls, such as firewalls, to help ensure that traffic from unauthorized sources are blocked.
General Mitigations
- Minimize network exposure for all control system devices and/or systems and ensure that they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715
- Locate control system networks and devices behind firewalls and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
For further information on the Vulnerability Handling Process for Rockwell Automation, please refer to our Product Security Incident Response FAQ document.
Refer to our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.
See the Network Services Overview Page for information on network and security services for Rockwell Automation to enable assessment, design, implementation and management of validated, secure network architectures.
We also recommend that concerned customers continue to monitor this advisory by subscribing to PSA/PN/Security Notifications. This can be done by updating settings in Account Overview within the KnoweldgeBase.
Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site.
Copyright ©2022 Rockwell Automation, Inc.