You are here

Rockwell Automation EtherNet/IP Web Server Modules (ICSA-19-036-02)

Rockwell Automation EtherNet/IP Web Server Modules (ICSA-19-036-02)

Created: Wednesday, February 6, 2019 - 10:18
Categories:
Cyber Security

The NCCIC has published an advisory on an improper input validation vulnerability in Rockwell Automation EtherNet/IP Web Server Modules. For 1756-EWEB (includes 1756-EWEBK), versions 5.001 and prior are affected. For CompactLogix 1768-EWEB, versions 2.005 and prior are affected. Successful exploitation of this vulnerability could allow a remote attacker to deny communication with Simple Network Management Protocol (SNMP) service. Rockwell Automation recommends that affected users disable the SNMP service if not in use. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.