VYPR
Advisory · Published Jun 16, 2026 · 1 source

CISA Warns of Stack-Based Buffer Overflow in Rockwell Automation RSLinx Classic

CISA disclosed CVE-2020-13573, a high-severity stack-based buffer overflow in Rockwell Automation RSLinx Classic versions ≤4.50.00, which could allow remote code execution or denial-of-service.

CISA has issued an advisory for CVE-2020-13573, a stack-based buffer overflow vulnerability in Rockwell Automation RSLinx Classic versions 4.50.00 and earlier. The flaw, which carries a CVSS v3.1 base score of 7.5 (HIGH), could allow an unauthenticated attacker to remotely execute arbitrary code or cause a denial-of-service condition where the application becomes unresponsive and cannot recover on its own.

The vulnerability stems from an out-of-bounds read (CWE-125) in the affected product. RSLinx Classic is a widely used communications server that provides connectivity between Rockwell Automation devices and various software applications, making it a critical component in industrial control system (ICS) environments. The advisory notes that the product is deployed worldwide across critical infrastructure sectors including Critical Manufacturing, Energy, Food and Agriculture, and Water and Wastewater.

Rockwell Automation has released version 4.60.00 to address the vulnerability. For customers unable to upgrade immediately, the company recommends applying patch BF31213 for their current version. The advisory also directs users to Rockwell's security advisory SD1774 for additional details. No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.
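One way to triage an RSLinx Classic inventory against the version thresholds above, as an added example that is not from the advisory or from Rockwell. It compares versions numerically field by field rather than as strings, so "4.9.00" correctly sorts below the affected ceiling "4.50.00"; the host names and inventory record format are constructed, while the version numbers and patch id come from the advisory text.

```python
"""Triage an inventory against CVE-2020-13573 (RSLinx Classic <= 4.50.00)."""
from dataclasses import dataclass

AFFECTED_MAX = "4.50.00"   # highest affected version per the advisory
FIXED_VERSION = "4.60.00"  # release that addresses the flaw
INTERIM_PATCH = "BF31213"  # patch for customers who cannot upgrade yet


def parse_version(text: str) -> tuple[int, ...]:
    """'4.50.00' -> (4, 50, 0). Rejects non-numeric fields so a bad
    inventory entry fails loudly instead of silently sorting as safe."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """Numeric comparison: '4.9.00' < '4.50.00' < '4.60.00'.
    A plain string compare would wrongly rank '4.50.00' below '4.9.00'."""
    return parse_version(version) <= parse_version(AFFECTED_MAX)


@dataclass(frozen=True)
class Host:
    name: str                       # constructed host identifier
    version: str                    # installed RSLinx Classic version
    patches: frozenset = frozenset()  # applied Rockwell patch ids


def triage(hosts) -> dict:
    """Classify each host as 'fixed', 'patched' (interim patch applied)
    or 'upgrade-required' (affected and unpatched)."""
    result = {}
    for h in hosts:
        if not is_affected(h.version):
            result[h.name] = "fixed"
        elif INTERIM_PATCH in h.patches:
            result[h.name] = "patched"
        else:
            result[h.name] = "upgrade-required"
    return result


if __name__ == "__main__":
    # Constructed inventory; only the versions/patch id are from the advisory.
    sample = [Host("ics-gw-01", "4.50.00"),
              Host("ics-gw-02", "4.9.00", frozenset({INTERIM_PATCH})),
              Host("ics-gw-03", FIXED_VERSION)]
    for name, status in triage(sample).items():
        print(f"{name}: {status}")
```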

CISA recommends that organizations minimize network exposure for all control system devices, ensuring they are not accessible from the internet. Control system networks should be located behind firewalls and isolated from business networks. When remote access is required, more secure methods such as Virtual Private Networks (VPNs) should be used, though organizations should recognize that VPNs may have vulnerabilities and should be kept updated.

This advisory is part of CISA's ongoing effort to address vulnerabilities in industrial control systems. The agency reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on its ICS webpage, including the technical information paper 'Targeted Cyber Intrusion Detection and Mitigation Strategies.'

The vulnerability was reported to CISA by Rockwell Automation. While no active exploitation has been observed, the high CVSS score and the critical nature of the affected product underscore the importance of prompt patching. Organizations using RSLinx Classic should prioritize upgrading to version 4.60.00 or applying the available patch to mitigate potential risks.

Synthesized by Vypr AI