DoS Vulnerabilities Found in Rockwell's FactoryTalk Linx and RSLinx Classic Products
2021-01-08 16:34

Researchers have discovered vulnerabilities that expose Rockwell Automation's FactoryTalk Linx and RSLinx Classic products to denial-of-service attacks.

According to an advisory published by Rockwell late last month, researchers from cybersecurity firm Tenable discovered a total of four DoS vulnerabilities, three affecting FactoryTalk Linx and one impacting the FactoryTalk Services Platform.

FactoryTalk Linx, formerly RSLinx Enterprise, is a widely used product designed for connecting Allen-Bradley PLCs to Rockwell applications, including for programming, data acquisition and HMI interaction.

Two of the security holes affecting FactoryTalk Linx are caused by an unhandled exception in a DLL file. They can allow a remote, unauthenticated attacker to cause a DoS condition by sending specially crafted packets that result in the termination of the RSLinxNG.exe process.

The other vulnerability affecting FactoryTalk Linx is a buffer overflow in a DLL file. It can also be used to cause a DoS condition, with malicious packets causing the RSLinxNG.exe process to terminate.

The flaw affecting the FactoryTalk Services Platform can be exploited for DoS attacks by convincing the targeted user to open a specially crafted log file.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/jOIR1S7lsNg/dos-vulnerabilities-found-rockwells-factorytalk-linx-and-rslinx-classic-products