Automation Security (lack thereof)....I get these little reminders daily of how poorly everything is coded and tested. They're not vendor immune, and, I only have the products selected that we actually utilize on a regular basis....can you just imagine being barraged with this BS for your car? As an owner of an autonomous anything you won't, of course...all would avoid airing the dirty laundry. They'll just keep pushing updates down to the vehicle unbeknownst to the owner/operators...much like the 2018 Heep owners are currently having the pleasure of experiencing. Make no mistake, there's absolutely no difference between retail, commercial or industrial when it comes to security (lack thereof) and hackers. If it's a computer based device, of any kind, and is 'connected', these are the harsh realities. Be afraid, have an excellent lawyer at the ready, and, possess a very, very large check-book balance.
Rockwell Automation is releasing this notice titled "FactoryTalk Activation Manager Vulnerabilities". You are receiving this notification based on your Rockwell Automation Knowledgebase account and selected profiles of interest that you have established. Rockwell Automation is sending this notification based on the following profiles from Knowledgebase that include:
Category - "General" and/or "Product Security"
Please click on this link to review Knowledgebase Article ID 1073133 - https://rockwellautomation.custhelp.com ... id/1073133
FactoryTalk Activation Manager v4.00.02 and v4.01
• Includes Wibu-Systems CodeMeter v6.50b and earlier
FactoryTalk Activation Manager v4.00.02 and earlier
• Includes FlexNet Publisher v18.104.22.168 and earlier
The following products require FactoryTalk Activation Manager to store and keep track of Rockwell Automation software products and activation files. Customers who recognize products from the following list are using FactoryTalk Activation Manager.
• FactoryTalk® AssetCentre
• FactoryTalk® Batch
• FactoryTalk® EnergyMetrix™
• FactoryTalk® eProcedure®
• FactoryTalk® Gateway
• FactoryTalk® Historian Site Edition (SE)
• FactoryTalk® Historian Classic
• FactoryTalk® Information Server
• FactoryTalk® Metrics
• FactoryTalk® Transaction Manager
• FactoryTalk® VantagePoint®
• FactoryTalk® View Machine Edition (ME)
• FactoryTalk® View Site Edition (SE)
• FactoryTalk® ViewPoint
• RSLinx® Classic
• RSLogix 500®
• RSLogix 5000®
• RSLogix™ 5
• RSLogix™ Emulate 5000
• SoftLogix™ 5800
• Studio 5000 Architect®
• Studio 5000 Logix Designer®
• Studio 5000 View Designer®
• Studio 5000® Logix Emulate™
Vulnerability #1: CodeMeter Cross-Site Scripting
A Cross-Site Scripting ("XSS") vulnerability was found in certain versions of Wibu-Systems CodeMeter that may allow local attackers to inject arbitrary web script or HTML via a specific field in a configuration file, potentially allowing the attacker to access sensitive information, or even rewrite the content of the HTML page.
CVE-2017-13754 has been assigned to this vulnerability. Rockwell Automation evaluated the vulnerability using the Common Vulnerability Scoring System ("CVSS") v3.0. A CVSS v3 base score of 2.7/10 has been assigned. For a better understanding of how this score was generated, please follow this link: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
Vulnerability #2: FlexNet Publisher Remote Code Execution
A custom string copying function of lmgrd.exe (the license server manager in FlexNet Publisher) and flexsvr.exe does not use proper bounds checking on incoming data, potentially allowing a remote, unauthenticated user to send crafted messages with the intent of causing a buffer overflow.
CVE-2015-8277 has been assigned to this vulnerability. Rockwell Automation evaluated the vulnerability using the Common Vulnerability Scoring System ("CVSS") v3.0. A CVSS v3 base score of 9.8/10 has been assigned. For a better understanding of how this score was generated, please follow this link: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
RISK MITIGATIONS and RECOMMENDED USER ACTIONS
Customers with affected versions of CodeMeter and/or FlexNet Publisher that were installed with FactoryTalk Activation Manager are encouraged to review the table provided in Knowledgebase Article ID 1073133 for suggested actions that will address the risks associated with these vulnerabilities.
GENERAL SECURITY GUIDELINES
1. Ensure that the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum amount of rights as needed.
2. Run all software as User, not as an Administrator, to minimize the impact of malicious code on the infected system.
3. Use of Microsoft AppLocker or other similar Whitelisting application can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at https://rockwellautomation.custhelp.com ... _id/546989
4. Block all traffic to EtherNet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by blocking or restricting access to TCP and UDP Port# 2222 and Port# 44818 using proper network infrastructure controls, such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell Automation Products, see Knowledgebase Article ID 898270.
5. Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
6. Locate control system networks and devices behind firewalls and isolate them from the business network.
7. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. VPN is only as secure as the connected devices.
For further information on the Vulnerability Handling Process for Rockwell Automation, please refer to our Product Security Incident Response FAQ document.
Refer to our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.
Refer to the Network Services Overview Page for information on network and security services for Rockwell Automation to enable assessment, design, implementation and management of validated, secure network architectures.
We also recommend concerned customers continue to monitor this advisory by subscribing to updates on the Security Advisory Index for Rockwell Automation, located at: 54102 - Industrial Security Advisory Index.
Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site.
If you have questions regarding this notice, please send an email to our product security inbox at: firstname.lastname@example.org
• 54102 - Industrial Security Advisory Index
• Wibu Systems AG CodeMeter 6.50b - Persistent XSS Vulnerability (From SecurityFocus)
• Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability (From the Vulnerability Notes Database)
2010 Kizashi GTS, CVT, iAWD (3/10 build date)
2011 SX4 Premium Hatch, CVT, iAWD (12/10 build date)
2018 Mazda CX-5 iAWD Touring
2014 Wrangler JKUW (GONE, traded
1991 Samurai, 5-Speed, EFI, Soft-Top (
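
Guideline 4 in the advisory quoted above calls for blocking TCP and UDP ports 2222 and 44818 from outside the Manufacturing Zone. The following is an added example, not part of the original post or of Rockwell Automation's notice, of a check that verifies the rule is actually holding by scanning flow records for allowed traffic to those ports that originates outside the zone. The zone subnet, the five-field record format and the sample records are assumptions constructed for this example.

```python
import ipaddress

# Assumption: placeholder subnet for the Manufacturing Zone; substitute your own.
MANUFACTURING_ZONE = ipaddress.ip_network("10.20.0.0/16")
CIP_PORTS = {2222, 44818}  # EtherNet/IP ports named in the advisory

# Constructed sample flow records: src dst proto dport action
SAMPLE_LOG = """\
10.20.1.15 10.20.3.40 tcp 44818 allow
192.168.50.7 10.20.3.40 tcp 44818 allow
192.168.50.7 10.20.3.41 udp 2222 deny
203.0.113.9 10.20.3.40 udp 2222 allow
192.168.50.7 10.20.3.40 tcp 443 allow
garbage line
"""

def find_exposed_cip_flows(log_text, zone=MANUFACTURING_ZONE):
    """Return (findings, skipped): allowed CIP flows entering the zone from
    outside it, and the number of records that could not be parsed."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        try:
            src, dst, proto, dport, action = line.split()
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            skipped += 1  # wrong field count, bad address or bad port
            continue
        if (action == "allow" and proto in ("tcp", "udp")
                and port in CIP_PORTS
                and dst_ip in zone and src_ip not in zone):
            findings.append((src, dst, proto, port))
    return findings, skipped

if __name__ == "__main__":
    hits, bad = find_exposed_cip_flows(SAMPLE_LOG)
    for src, dst, proto, port in hits:
        print(f"ALLOWED from outside zone: {src} -> {dst} {proto}/{port}")
    print(f"{bad} unparseable record(s) skipped")
```

Counting unparseable records rather than silently dropping them matters here: a log format change that breaks parsing would otherwise look the same as a clean result.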