CVE-2014-5410

Summary

The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationAllen-Bradley MicroLogix 14000 <= 1766-Lxxxxx Series A FRN 7affected
Rockwell AutomationAllen-Bradley MicroLogix 14000 <= 1766-Lxxxxx Series B FRN 15.000affected
Rockwell AutomationAllen-Bradley MicroLogix 1400Series B FRN 15.001 or higherunaffected

Weaknesses

  • CWE-20: CWE-20

Workarounds

Users with Series A and Series B controllers are also recommended to apply the following risk mitigations:

  • Do not enable DNP3 communication in the product unless required.

  • Where appropriate, prohibit DNP3 communication that originates outside the perimeter of the manufacturing zone from entry into the zone by blocking communication directed at Ethernet communication Port 20000/TCP* and 20000/UDP* using appropriate security technology (e.g., a firewall, UTM devices, or other security appliance)

          *Note: Ports 20000/TCP and 20000/UDP are factory defaults as per the DNP3 specification but can be reconfigured by the product owner.

  • Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked.

  • Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment.

  • Employ layered security, defense-in-depth methods and network segregation and segmentation practices in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html http://www.ab.com/networks/architectures.html%20  for comprehensive information about implementing validated architectures designed to deliver these measures.

Please refer to Rockwell Automation’s product disclosure (AID 620295) for more information on this topic available at:

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/620295

ADP Enrichment

CVE Program Container

Additional References

References