Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix Improper Input Validation (CVE-2017-9312)

high Tenable OT Security Plugin ID 500168

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately.
This plugin only works with Tenable.ot.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Rockwell Automation recommends users with affected controllers apply firmware revision FRN (31.011 or later) to the affected products. The download can be obtained at the following location:

https://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?crumb=112

Users who are unable to update are directed to employ the following general security guidelines:

- Block all traffic to Ethernet/IP or other CIP protocol-based devices from outside the Manufacturing Zone by blocking or restricting access to Port 2222/TCP and UDP and Port 44818/TCP and UDP using proper network infrastructure controls, such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell Automation Products, see Knowledgebase Article ID 898270 available at:
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/898270/page/1 (login required).
- Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

When possible, users are recommended to apply the firmware revision in conjunction with the general security guidelines to employ multiple strategies simultaneously.

For more information on this vulnerability and more detailed mitigation instructions, please access an account in order to view Rockwell Automation’s advisory at the following location:

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073708 (login required).
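
The two checks in the guidance above (firmware revision 31.011 or later, and no traffic to ports 2222 and 44818 from outside the Manufacturing Zone) can be run against an asset inventory and a flow export. The following Python is an added example, not code from Tenable, CISA or Rockwell Automation; the record layouts, the zone label and the sample data are assumptions, and the inventory is assumed to be limited to the affected catalog numbers.

```python
# Added example: triage helper; record layouts and the zone label are assumptions.
FIXED_FRN = (31, 11)            # firmware revision 31.011 named in the advisory
CIP_PORTS = {2222, 44818}       # EtherNet/IP and CIP ports named in the mitigation
TRUSTED_ZONE = "manufacturing"  # assumed label for the Manufacturing Zone

def parse_frn(text):
    """Turn a revision string such as '30.014' into a comparable (major, minor) tuple."""
    major, _, minor = text.strip().partition(".")
    if not (major.isdigit() and minor.isdigit()):
        raise ValueError(f"unrecognised firmware revision: {text!r}")
    return int(major), int(minor)

def needs_firmware_update(revision):
    """True when the revision is below 31.011; unparseable values are flagged too."""
    try:
        return parse_frn(revision) < FIXED_FRN
    except ValueError:
        return True  # fail closed so an unknown revision gets a manual review

def exposed_flows(flows):
    """Flows that reach a CIP port (TCP or UDP) from outside the Manufacturing Zone."""
    return [
        f for f in flows
        if f["dst_port"] in CIP_PORTS
        and f["proto"].lower() in ("tcp", "udp")
        and f["src_zone"].lower() != TRUSTED_ZONE
    ]

def triage(assets, flows):
    """Per-asset summary: firmware status plus cross-zone CIP flows to that asset."""
    bad = exposed_flows(flows)
    return {
        a["ip"]: {
            "update_firmware": needs_firmware_update(a["firmware"]),
            "exposed": [f for f in bad if f["dst_ip"] == a["ip"]],
        }
        for a in assets
    }

# Constructed sample data (documentation-range addresses, not from a real site).
ASSETS = [
    {"ip": "192.0.2.10", "catalog": "1769-L30ERMS", "firmware": "30.014"},
    {"ip": "192.0.2.11", "catalog": "1769-L33ERM", "firmware": "31.011"},
]
FLOWS = [
    {"src_zone": "enterprise", "dst_ip": "192.0.2.10", "dst_port": 44818, "proto": "TCP"},
    {"src_zone": "manufacturing", "dst_ip": "192.0.2.11", "dst_port": 2222, "proto": "udp"},
]
```

Calling `triage(ASSETS, FLOWS)` on the constructed data marks 192.0.2.10 for both a firmware update and a firewall review, and leaves 192.0.2.11 clean.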

See Also

http://www.securityfocus.com/bid/104528

https://ics-cert.us-cert.gov/advisories/ICSA-18-172-02

http://www.nessus.org/u?14eb9d23

Plugin Details

Severity: High

ID: 500168

Version: 1.8

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2017-9312

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:rockwellautomation:compactlogix_1769-l16er-bb1b, cpe:/h:rockwellautomation:guardlogix_1769-l33ermos, cpe:/h:rockwellautomation:guardlogix_1769-l36ermos, cpe:/h:rockwellautomation:compactlogix_1769-l18er-bb1b, cpe:/h:rockwellautomation:compactlogix_1769-l36erm, cpe:/h:rockwellautomation:compactlogix_1769-l30er, cpe:/h:rockwellautomation:guardlogix_1769-l38erms, cpe:/h:rockwellautomation:compactlogix_1769-l33er, cpe:/h:rockwellautomation:compactlogix_1769-l33erm, cpe:/h:rockwellautomation:compactlogix_1769-l27er-qbfc1b, cpe:/h:rockwellautomation:guardlogix_1769-l36erms, cpe:/h:rockwellautomation:compactlogix_1769-l30er-nse, cpe:/h:rockwellautomation:compactlogix_1769-l18erm-bb1b, cpe:/h:rockwellautomation:guardlogix_1769-l33erms, cpe:/h:rockwellautomation:guardlogix_1769-l37erms, cpe:/h:rockwellautomation:compactlogix_1769-l19er-bb1b, cpe:/h:rockwellautomation:compactlogix_1769-l30erm, cpe:/h:rockwellautomation:guardlogix_1769-l30erms, cpe:/h:rockwellautomation:compactlogix_1769-l24er-qbfc1b, cpe:/h:rockwellautomation:compactlogix_1769-l24er-qb1b, cpe:/h:rockwellautomation:compactlogix_1769-l37ermo

Required KB Items: Tenable.ot/Rockwell

Exploit Ease: No known exploits are available

Patch Publication Date: 6/25/2018

Vulnerability Publication Date: 6/25/2018

Reference Information

CVE: CVE-2017-9312

CWE: 20

ICSA: 18-172-02