CVE-2021-22681

Saturday, March 7, 2026

Rockwell Automation FactoryTalk Linx Gateway Critical Memory Corruption Vulnerability

A memory corruption vulnerability exists in Rockwell Automation FactoryTalk Linx Gateway versions 6.11 and prior that could allow an unauthenticated attacker to send a specially crafted packet to the gateway service, potentially causing memory corruption and remote code execution.

Not KEV Listed. Fix Available.

This section explains the vulnerability in everyday language, so anyone can understand the risk and impact.

A serious security flaw was found in Rockwell Automation's FactoryTalk Linx Gateway software, which is commonly used in industrial control systems to help different parts of a factory network communicate with each other. The vulnerability allows an attacker to send specially crafted messages to the system that could crash it or potentially take control of it, without needing any password or authentication.

This is particularly concerning because this software is often used in critical industrial systems like manufacturing plants, and a successful attack could disrupt operations or even cause safety issues. Think of it like finding a way to slip a malicious note through a mail slot that could cause the entire mailroom to malfunction.

Affected Products

1 affected product identified

| Product | Vendor | Version | Patched |
|---|---|---|---|
| FactoryTalk Linx Gateway | Rockwell Automation | 6.11 and prior | 6.12 |

Remediation

Fix Available

1. Upgrade to FactoryTalk Linx Gateway version 6.12 or later

2. If immediate upgrade is not possible, implement network segmentation to isolate affected systems

3. Restrict network access to TCP port 4241

4. Monitor network traffic for suspicious packets targeting the gateway service

Sources & References

CVSS Score

9.8 Critical
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Vector (v3.1)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Quick Info

CVE ID: CVE-2021-22681
Severity: critical
Fix: Available
KEV: Not Listed
Published: Mar 7, 2026