Rewterz Threat Advisory – ICS: B&R Industrial Automation Automation Studio and Automation Runtime
February 21, 2020
Rewterz Threat Advisory – ICS: Honeywell NOTI-FIRE-NET Web Server (NWS-3)
February 22, 2020
Severity
High
Analysis Summary
CVE-2020-6967
FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe on TCP port 8082, which can insecurely deserialize untrusted data.
Impact
Deserialization of Untrusted Data
Affected Vendors
Rockwell Automation
Affected Products
All versions of FactoryTalk Diagnostics software
Remediation
Rockwell Automation recommends affected users implement the following compensating controls, based on their needs:
- Disable the Remote Diagnostics Service if not in use.
- If the service is in use, use Windows Firewall Configuration to disable the affected port.
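
The two compensating controls above, as an added PowerShell example for a single Windows host (not code from Rockwell Automation or from this advisory). The switch names and the firewall rule name are assumptions made for the example; the service is located by its executable, RNADiagnosticsSrv.exe, because the advisory does not give its Windows service name.

```powershell
# Added example: audit one host and apply either compensating control.
# Run from an elevated PowerShell session.
param(
    [switch]$DisableService,   # control 1: Remote Diagnostics Service is not in use
    [switch]$BlockPort         # control 2: service is in use, block the affected port
)

$Port     = 8082
$ExeName  = 'RNADiagnosticsSrv.exe'
$RuleName = 'Block FactoryTalk Diagnostics tcp/8082 (CVE-2020-6967)'  # constructed name

# Audit: is anything listening on the port, and which process owns the socket?
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalAddress = $l.LocalAddress
        Port         = $l.LocalPort
        Process      = $proc.ProcessName
        ProcessId    = $l.OwningProcess
    }
}
if (-not $listeners) { Write-Output "Nothing is listening on tcp/$Port" }

# Audit: find the service by its binary path rather than guessing its name.
$svc = Get-CimInstance Win32_Service | Where-Object { $_.PathName -like "*$ExeName*" }
$svc | Select-Object Name, DisplayName, State, StartMode

# Control 1: stop the service and keep it from starting again.
if ($DisableService -and $svc) {
    foreach ($s in $svc) {
        Stop-Service -Name $s.Name -Force
        Set-Service  -Name $s.Name -StartupType Disabled
    }
}

# Control 2: add an inbound block rule for the port (skipped if it already exists).
if ($BlockPort -and -not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block | Out-Null
}
```

Run it with no switches first to see the current state, then rerun with `-DisableService` or `-BlockPort`. The block rule only takes effect on network profiles where Windows Firewall is enabled.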