Multiple vulnerabilities in Rockwell Automation products using GoAhead Web Server

Published: 2023-01-27

Risk	High
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2019-5096 CVE-2019-5097
CWE-ID	CWE-416 CWE-835
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software Subscribe	1756-EN2TSC/B Hardware solutions / Other hardware appliances 5069-AEN2TR Hardware solutions / Other hardware appliances 1747-AENTR Hardware solutions / Other hardware appliances 1732E-8IOLM12R Hardware solutions / Other hardware appliances 1732E-IB8M8SOER Hardware solutions / Other hardware appliances 1732E-OB8M8SR/A Hardware solutions / Other hardware appliances 1732E-OF4M12R/A Hardware solutions / Other hardware appliances 1732E-IT4IM12R/A Hardware solutions / Other hardware appliances 1732E-IR4IM12R/A Hardware solutions / Other hardware appliances 1732E-IF4M12R/A Hardware solutions / Other hardware appliances 1732E-8CFGM8R/A Hardware solutions / Other hardware appliances 1756-HIST2G/A Hardware solutions / Other hardware appliances 1756-HIST1G/A Hardware solutions / Other hardware appliances 1756-HIST2G/B Hardware solutions / Other hardware appliances 1756-EN2T/D Hardware solutions / Other hardware appliances 1756-EN2TR/C Hardware solutions / Other hardware appliances 1769-AENTR Hardware solutions / Other hardware appliances
Vendor	Rockwell Automation

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU23339

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-5096

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing a multi-part/form-data HTTP request with multiple Content-Disposition headers in the same request. A remote attacker can send a specially crafted HTTP request, corrupt heap structures and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

1756-EN2TSC/B: All versions

5069-AEN2TR: All versions

1747-AENTR: All versions

1732E-8IOLM12R: All versions

1732E-IB8M8SOER: All versions

1732E-OB8M8SR/A: All versions

1732E-OF4M12R/A: All versions

1732E-IT4IM12R/A: All versions

1732E-IR4IM12R/A: All versions

1732E-IF4M12R/A: All versions

1732E-8CFGM8R/A: All versions

1756-HIST2G/A: before C 7.100

1756-HIST1G/A: before C 7.100

1756-HIST2G/B: before 5.104

1756-EN2T/D: before 11.002

1756-EN2TR/C: before 11.002

1769-AENTR: before 1.003

CPE2.3

cpe:2.3:h:rockwell_automation:1756-en2tsc\/b:*:*:*:*:*:*:*:*

External links

http://ics-cert.us-cert.gov/advisories/icsa-23-026-06

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Infinite loop

EUVDB-ID: #VU23340

Risk: Medium