Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.Īdditional mitigation guidance and recommended practices are publicly available on the ICS webpage on in the Technical Information Paper, ICS-TIP-12-146-01B-Targeted Cyber Intrusion Detection and Mitigation Strategies. Also recognize that VPN is only as secure as the connected devices.įor more information, please refer to Rockwell Automation’s security advisory: 54102-Industrial Security Advisory Index.ĬISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.ĬISA also provides a section for control systems security recommended practices on the ICS webpage on. When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available.Locate control system networks and devices behind firewalls and isolate them from the business network.For more information on TCP/UDP ports used by Rockwell Automation products, see Knowledgebase Article ID 898270 Block all traffic to EtherNet/IP or other CIP protocol-based devices from outside the manufacturing zone by blocking or restricting access to TCP Ports 2222, 7153, and UDP Port 44818 using proper network infrastructure controls, such as firewalls, UTM devices, or other security appliances.Network-based vulnerability mitigations for embedded products:
UPDATE RSLINX CLASSIC PATCH
FactoryTalk Linx patch RAID# 1126433 (Login Required).FactoryTalk Linx/Services patch RAID# 1124820 (Login Required).Patch Roll-up for CPR9 SRx (Login Required).
Rockwell Automation recommends users apply these patches by following instructions in knowledgebase articles below: Sharon Brizinov and Amir Preminger (VP Research) of Claroty reported these vulnerabilities to Rockwell Automation and CISA.
This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.ĬVE-2020-12001 has been assigned to this vulnerability. The parsing mechanism that processes certain file types does not provide input sanitation.
UPDATE RSLINX CLASSIC CODE
This may allow an attacker to specify a filename to execute unauthorized code and modify files or data.ĬVE-2020-11999 has been assigned to this vulnerability. Studio 5000 Logix Designer software: Version 32 and priorģ.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20Īn exposed API call allows users to provide files to be processed without sanitation.
Studio 5000 Launcher: Version 31 and later.FactoryTalk Linx CommDTM: Version 1 and later.FactoryTalk Asset Centre: Version 9 and later.Connected Components Workbench: Version 12 and prior.
UPDATE RSLINX CLASSIC SOFTWARE
The following products that utilize FactoryTalk Linx Software are affected: