Check Point Advisories

Rockwell Automation FactoryTalk Services Platform Denial of Service (CVE-2018-18981)

Vulnerability
Protection

Check Point Reference:	CPAI-2019-0241
Date Published:	21 Feb 2019
Severity:	High
Last Updated:	Tuesday 26 February, 2019
Source:
Industry Reference:	CVE-2018-18981
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?	FactoryTalk AssetCentre FactoryTalk Activation Manager FactoryTalk Alarms & Events FactoryTalk Batch FactoryTalk eProcedure FactoryTalk Gateway FactoryTalk Historian Site Edition (SE) FactoryTalk Linx (formerly: RSLinx Enterprise) FactoryTalk Metrics FactoryTalk Transaction Manager FactoryTalk VantagePoint FactoryTalk View Machine Edition (ME) (Studio Only - no impact to PanelView Plus products) FactoryTalk View Site Edition (SE) FactoryTalk ViewPoint SE RSLinx Classic RSLogix 5000 (v20 Only) / Studio 5000 Logix Designer RSNetWorx Studio 5000 Architect
Vulnerability Description	A buffer overflow vulnerability exists in Rockwell Automation FactoryTalk Services Platform. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system.

Protection Overview

This protection detects attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the Rockwell Automation FactoryTalk Services Platform Denial of Service (CVE-2018-18981) protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: SCADA Protection Violation.
Attack Information: Rockwell Automation FactoryTalk Services Platform Denial of Service (CVE-2018-18981)