Rockwell Automation fixes critical flaw in AADvance Standalone OPC-DA Server
Take action: As usual for ICS systems: If you are using AADvance Standalone OPC-DA Server, confirm it's isolated from the internet and accessible from a trusted network. Then plan to patch it. Given that this is a very old flaw, if you haven't been hacked so far, your isolation work. But now you can't say you weren't warned.
Learn More
Rockwell Automation has reported critical vulnerabilities in its AADvance Standalone OPC-DA Server that could allow remote attackers to execute arbitrary code on affected systems.
Both are very old flaws, that are somehow still functional in Rockwell Automation products.
Vulnerability Overview
-
CVE-2018-1285 (CVSS v3.1 score: 9.8) - Improper Input Validation. The affected product’s log4net configuration file fails to disable XML external entities (XXE), allowing attackers to execute arbitrary code remotely.
-
CVE-2006-0743 (CVSS v3.1 score: 5.3) - Use of Externally Controlled Format String. This vulnerability occurs due to an improper format string in the log4net component, potentially enabling code execution or system disruption.
Affected versions are AADvance Standalone OPC-DA Server: Versions v2.01.510 and later.
Rockwell Automation has released updates to address these vulnerabilities. Users should update to version v2.02 or later. Additionally, Rockwell Automation recommends implementing security best practices to further reduce risks, such as:
- Minimizing network exposure of control systems.
- Isolating control systems behind firewalls and separating them from business networks.
- Using secure methods like VPNs for remote access, while ensuring VPNs are updated to the latest versions.
