CyberSecurityBoard
Sponsor Register Login

Rockwell Automation FactoryTalk Activation

RISK EVALUATION. Successful exploitation of these vulnerabilities could result in a buffer overflow and allow the attacker to gain full access to the system.
Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems' products which internally use a version of libcurl that is vulnerable to a buffer overflow attack if curl is configured to redirect traffic through a SOCKS5 proxy.
A malicious proxy can exploit a bug in the implemented handshake to cause a buffer overflow.
If no SOCKS5 proxy has been configured, there is no attack surface.
CVE-2023-38545 has been assigned to this vulnerability.
A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is.
Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems' products which contain a heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to Version 7.60b that allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
CVE-2023-3935 has been assigned to this vulnerability.
A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is.
3.3 BACKGROUND 3.4 RESEARCHER. An anonymous researcher reported these vulnerabilities to CISA. 4.
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks, recognizing VPNs may have vulnerabilities and should be updated to the most current version available.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.
Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploits that specifically target these vulnerabilities have been reported to CISA at this time.


This Cyber News was published on www.cisa.gov. Publication date: Thu, 04 Jan 2024 16:36:06 +0000


Cyber News related to Rockwell Automation FactoryTalk Activation

CVE-2017-6015 - Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not ...
4 years ago
Rockwell Automation FactoryTalk Activation - RISK EVALUATION. Successful exploitation of these vulnerabilities could result in a buffer overflow and allow the attacker to gain full access to the system. Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the ...
6 months ago Cisa.gov
Energy-Efficient Home Automation: Saving the Planet and Your Wallet - Home automation solutions offer an array of benefits, from improved convenience to decreased energy bills. This article will explore the types of home automation systems available, as well as their cost and potential for energy efficiency. The ...
6 months ago Securityzap.com
Home Automation for All: Enabling Independence - As technology advances, home automation provides a sense of empowerment for elderly and disabled individuals. Home automation for the elderly and disabled reduces dependence on others and promotes independence in the home environment. Home automation ...
6 months ago Securityzap.com
How to Get Started With Security Automation: Consider the Top Use Cases Within Your Industry - As the cybersecurity industry has matured, so has the approach security teams take to making decisions about investing in security tools. Instead of focusing on the latest product or technology, security professionals are focused on use cases such as ...
5 months ago Securityweek.com
AI and Automation - In recent years, developments in artificial intelligence and automation technology have drastically reshaped application security. On one hand, the progress in AI and automation has strengthened security mechanisms, reduced reaction times, and ...
6 months ago Feeds.dzone.com
Rockwell Automation FactoryTalk Historian SE - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. FactoryTalk Historian SE utilizes the AVEVA PI Server, which contains a vulnerability that could allow an ...
1 month ago Cisa.gov
Best practices for secure network automation workflows - Automation plays a critical role in modern networks. It helps network engineers manage networks with fewer repetitive manual tasks for greater agility. Network engineers cannot automate - or secure - what they don't understand. Understanding network ...
6 months ago Techtarget.com
CVE-2023-2444 - ...
1 year ago
CVE-2021-40128 - A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to ...
1 year ago
The dawn of the autonomous enterprise is on the horizon - 90% of IT decision-makers plan to deploy more automation, including AI, in the next 12 months, according to Digitate. 26% of respondents plan to implement machine-operated tasks that require limited human input or fully transition to autonomous ...
6 months ago Helpnetsecurity.com
Why RV Connex Chose Swimlane As "The Powerhouse" Of Their SOC - RV Connex is a Thailand-based company that specializes in national defense and space manufacturing. Since RV Connex has implemented security automation they have achieved significant progress. Tanajak Watanakij, Vice President of Cybersecurity and ...
6 months ago Securityboulevard.com
CVE-2021-22681 - Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix ...
2 years ago
It was other crims what did it: SBF off hook for FTX hack The Register - Infosec In Brief The recent indictment of a massive SIM-swapping ring may mean convicted crypto conman Sam Bankman-Fried is innocent of at least one allegation still hanging over his head: The theft of more than $400 million in crypto hacked from ...
5 months ago Go.theregister.com
Achieving Continuous Compliance - If you've ever explored regulatory compliance and cybersecurity, you'll understand the importance of continuous compliance in the digital age, where evolving technology and regulations require constant vigilance. This article will cover the ...
6 months ago Feeds.dzone.com
CVE-2020-6967 - In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely ...
4 years ago
CVE-2021-32960 - Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the ...
2 years ago
CVE-2023-2637 - ...
1 year ago
CVE-2023-2639 - The underlying feedback mechanism of ...
1 year ago
CVE-2020-5807 - An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in ...
3 years ago
CVE-2020-12005 - FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 ...
4 years ago
Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation - Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges. Cybersecurity company SafeBreach said it discovered three ...
7 months ago Thehackernews.com
Leveraging Automation for Risk Compliance in IT - Organizations often encounter the challenge of managing complex technology ecosystems while ensuring data security, compliance, and risk management. One crucial aspect of this challenge is risk compliance in IT environments, specifically Linux ...
6 months ago Securityboulevard.com
Drata unveils Adaptive Automation for streamlined compliance - Drata has unveiled a new offering, Adaptive Automation. Augmenting the scope of continuous control monitoring and evidence collection, Adaptive Automation empowers GRC professionals to save time and automate even more of their compliance program ...
3 months ago Helpnetsecurity.com
CVE-2020-12028 - In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)