Number: AV20-194
Date: 15 June 2020
On 11 June 2020 US-CERT published an advisory for Rockwell Automation FactoryTalk Linx Software to address a vulnerability in an exposed API call that allows users to supply files for processing without sanitization. This may allow an attacker to specify a filename in order to execute unauthorized code and modify files or data.
The following products are affected:
• FactoryTalk Linx versions 6.00, 6.10, and 6.11
• RSLinx Classic v4.11.00 and prior
The following products that utilize FactoryTalk Linx Software are affected:
• Connected Components Workbench: Version 12 and prior
• ControlFLASH: Version 14 and later
• ControlFLASH Plus: Version 1 and later
• FactoryTalk Asset Centre: Version 9 and later
• FactoryTalk Linx CommDTM: Version 1 and later
• Studio 5000 Launcher: Version 31 and later
• Studio 5000 Logix Designer software: Version 32 and prior
The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary manufacturer updates:
https://www.us-cert.gov/ics/advisories/icsa-20-163-02
Note to Readers
The Canadian Centre for Cyber Security (Cyber Centre) operates as part of the Communications Security Establishment. We are Canada's national authority on cyber security and we lead the government's response to cyber security events. As Canada's national computer security incident response team, the Cyber Centre works in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to prepare for, respond to, mitigate, and recover from cyber events. We do this by providing authoritative advice and support, and coordinating information sharing and incident response. The Cyber Centre is outward-facing, welcoming partnerships that help build a stronger, more resilient cyber space in Canada.