CVE-2018-14829: Rockwell Automation Stack Overflow High Risk Vulnerability

Recently, Rockwell Automation repaired a high-risk vulnerability in RSLinx Classic (CVE-2018-14829). RSLinx Classis is a software platform that Logix5000 Programmable Automation Controllers can use to collect a variety of Rockwell software applications. An attacker could remotely send a malicious CIP packet to port 44818, causing the software to stop responding and crash. At the same time, an attacker could continue to exploit the overflow vulnerability and eventually execute arbitrary code remotely on the affected system.

CVSS score

CVSS3.0 score: 10.0

For details, please refer to:

https://ics-cert.us-cert.gov/advisories/ICSA-18-263-02

Affected version

  • RSLinx Classic Versions <= 4.00.01

Unaffected version

Please refer to the official description for the detailed version (login required).

  (login required)

Solution

Rockwell Automation has released a new version to fix the above vulnerability. Please update the affected users as soon as possible to protect them. For details about the latest version, please log in to check the official instructions.

At the same time, Rockwell Automation officially advises users to close the port if they do not use port 44818 in operation. For instructions on how to close the port and other security guidelines, please log in to check the official instructions.