You are here

Rockwell Automation RSLinx Classic (ICSA-18-263-02) – Product Used in the Water and Wastewater and Energy Sectors

Rockwell Automation RSLinx Classic (ICSA-18-263-02) – Product Used in the Water and Wastewater and Energy Sectors

Created: Thursday, September 20, 2018 - 17:24
Categories:
Cybersecurity

The NCCIC has released an advisory on an uncontrolled search path element vulnerability in Rockwell Automation RSLinx Classic. Versions 4.00.01 and prior are affected. Successful exploitation of these vulnerabilities could crash the device being accessed or allow arbitrary code execution on the device. Rockwell Automation has released a new version of the software and also reports that users can disable Port 44818 if it is not utilized during system operation. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.