Rockwell Automation FactoryTalk Activation Manager (Update A) (ICSA-18-102-02) – Product Used in the Water and Wastewater Sector

May 24, 2018

The NCCIC has updated this advisory with additional details on mitigation measures. NCCIC/ICS-CERT.

May 10, 2018

The NCCIC has released an advisory on vulnerabilities in Rockwell Automation FactoryTalk Activation Manager. For products shipped with Wibu-Systems CodeMeter v6.50b and earlier, versions 4.00 and 4.01 are affected. For products shipped with FlexNet Publisher, versions 11.11.1.1 and earlier are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to access sensitive information, rewrite content, or cause a buffer overflow that could result in remote code execution. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.