- What is the severity of CVE-2010-5305?
- CVE-2010-5305 has been scored as a critical severity vulnerability.
- How to fix CVE-2010-5305?
- As a workaround for remediating CVE-2010-5305: To help reduce the likelihood of exploitation and associated security risk, Rockwell Automation recommends the following immediate mitigation strategies (Note: multiple strategies are recommended to be employed simultaneously): * For PLC-5 controllers, enable and configure "Passwords and Privileges" via RSLogix 5 configuration software to restrict access to critical data and improve overall password security. * When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services. This functionality can be enabled via RSLogix 5 or RSLogix 500 software. (Consult Rockwell TechnoteRockwell Technote, http://rockwellautomation.custhelp.com/app/answers/detail/a_id/66678/kw/vulnerability/r_id/115100 , website last accessed January 12, 2010 for applicable firmware versions) * Use the latest version of RSLogix 5 or RSLogix 500 configuration software and enable FactoryTalk Security services. * Disable where possible the capability to perform remote programming and configuration of the product over a network to a controller by placing the controller's key switch into RUN mode. * For SLC controllers, enable static protection on all critical data table files to prevent any remote data changes to critical data. * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures. * Block all traffic to the CSP, Ethernet/IP, or other CIP protocol-based devices from outside the Manufacturing Zone by restricting or blocking access to TCP and UDP Port 2222 and Port 44818 using appropriate security technology (e.g., a firewall, UTM devices, or other security device). * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to make changes to control system equipment. * Frequently change the product’s password and obsolete previously used passwords to reduceexposure to threat from a product password becoming known.
- Is CVE-2010-5305 being actively exploited in the wild?
- It is possible that CVE-2010-5305 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~9% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2010-5305?
- CVE-2010-5305 affects Rockwell Automation PLC5, Rockwell Automation SLC5/0x, Rockwell Automation RSLogix.