
Rockwell RSLogix Overflow Vulnerability

September 13, 2011 (revised October 6, 2011)

Luigi Auriemma has publicly disclosed a vulnerability in the Rockwell RSLogix application.

RSLogix is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to crash the application, denying service to legitimate users.

RSLogix 5000 versions V17, V18 and V19 are vulnerable. In addition, all FactoryTalk-branded software versions CPR9 and CPR9-SR1 through SR4 are vulnerable. Other versions may also be affected.

Rockwell has produced patches that mitigate this vulnerability for all affected versions of FactoryTalk Services Platform and RSLogix 5000.

ICS-CERT Advisories / Alerts

ICSA-11-273-03A
ICSA-11-273-03
ICS-ALERT-11-256-05A
ICS-ALERT-11-256-05

Vendor Website (includes Patches / Hotfixes)

Vendor Homepage
RSLogix Product Info
Rockwell Security Advisory 54102 (requires Login)
Rockwell FactoryTalk 2.30 (CPR9 SR3) Patch: Vulnerability in RNAUtility.dll (requires Login)
Rockwell FactoryTalk 2.40.00 (CPR9 SR4) Patch: Vulnerability in RNAUtility.dll (requires Login)
Rockwell FactoryTalk (CPR9 SRx) Patch: Vulnerability in RNAUtility.dll (requires Login)
FactoryTalk RnaUtility.dll Vulnerability Advisory 456144
RSLogix 5000 Software Potential Denial-of-Service Vulnerability Advisory 456065
Industrial Security Advisory Index 54102 (requires Login)

Exploit Proof-of-Concept

Exploit-DB ID 17843
Luigi Auriemma PoC

Common Vulnerability & Exposure (CVE) References

CVE-2011-3489

Additional Information

Disclosure (Luigi Auriemma)
Exploit-DB ID 17843
Security Focus Vulnerability Info and Exploit Bugtraq ID 49608

Rockwell Adds More Platform Patches (ISSSource)
New Patches for Rockwell (ISSSource)
SCADA Alert: Fixes in Works (ISSSource)
More SCADA Vulnerabilities Hit Industry (ISSSource)