CISA flags Rockwell RSLinx Classic CVE-2020-13573
Patch planning should start with OT exposure, because this one needs no credentials and sits in widely deployed plant-floor software.
TL;DR
CISA issued ICSA-26-167-02 for CVE-2020-13573 in Rockwell Automation RSLinx Classic 4.50.00 and earlier. The stack-based buffer overflow can allow remote code execution, with no privileges or user interaction required. Critical manufacturing, energy, food and agriculture, and water operators should upgrade to 4.60.00 or apply Rockwell patch BF31213; CISA says it has no reports of known public exploitation.
CISA’s advisory gives OT teams a straightforward task: find RSLinx Classic instances at 4.50.00 or earlier, upgrade to version 4.60.00 or later, or apply Rockwell Automation’s BF31213 patch where an upgrade is not available. The affected software is deployed worldwide in critical manufacturing, energy, food and agriculture, and water and wastewater environments.
The operational issue is exposure, not paperwork. CISA rates the flaw as high severity, with a CVSS 3.1 score of 7.5 and a CVSS 4.0 score of 8.7, and says exploitation requires no privileges and no user interaction. Rockwell reported the vulnerability to CISA, and CISA says it has not received reports of public exploitation targeting it. The usual ICS controls still matter here: keep control-system devices off the public internet, isolate OT from business networks, and treat remote access as part of the patch plan rather than a substitute for it.
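The patch-planning task above (find RSLinx Classic at 4.50.00 or earlier, then upgrade to 4.60.00 or apply BF31213) is simple to state but easy to get wrong when versions are compared as strings. The script below is an added example, not Rockwell Automation or CISA tooling: it parses dotted version strings numerically, classifies a software inventory against the version bounds the advisory gives, and orders the remediation list so hosts outside the isolated OT zone surface first. The inventory records, host names, and network-segment labels are constructed; the ordering rule is an assumption about how a plant would prioritise, not advice from the advisory.

```python
"""Triage a software inventory for RSLinx Classic instances affected by
CVE-2020-13573 (CISA ICSA-26-167-02).

Added example, not vendor or CISA code. The only facts taken from the
advisory are the affected bound (4.50.00 and earlier), the fixed version
(4.60.00 or later) and the patch id (BF31213). Inventory data is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

AFFECTED_MAX = (4, 50, 0)   # 4.50.00 and earlier are affected
FIXED_MIN = (4, 60, 0)      # 4.60.00 or later carries the fix
PATCH_ID = "BF31213"        # Rockwell patch for installs that cannot upgrade


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '4.50.00' into (4, 50, 0) so comparisons are numeric.

    Comparing as text is the classic mistake: '4.9.00' sorts after
    '4.50.00' as a string but is an older release.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts)
    if len(nums) < 3:
        nums = nums + (0,) * (3 - len(nums))   # pad '4.50' to (4, 50, 0)
    return nums


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str
    segment: str   # constructed zone label: "business", "dmz" or "ot"


def classify(asset: Asset) -> str:
    """Map one inventory row to a triage status using the advisory's bounds."""
    if asset.product != "RSLinx Classic":
        return "not-in-scope"
    try:
        v = parse_version(asset.version)
    except ValueError:
        return "unknown-version"   # cannot prove it is fixed; needs a look
    if v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED_MIN:
        return "fixed"
    return "review"   # between the two bounds; advisory does not name it


def triage(assets: list[Asset]) -> list[dict]:
    """Return remediation rows for every host that is not known-fixed.

    Ordering assumption: hosts on the business side or in a DMZ come before
    hosts inside the isolated OT zone, since they are the more exposed ones.
    """
    rows = []
    for a in assets:
        status = classify(a)
        if status in ("affected", "unknown-version", "review"):
            if status == "affected":
                action = f"upgrade to 4.60.00 or later, or apply {PATCH_ID}"
            else:
                action = "confirm installed version"
            rows.append({"host": a.host, "version": a.version,
                         "segment": a.segment, "status": status,
                         "action": action})
    priority = {"business": 0, "dmz": 1, "ot": 2}
    rows.sort(key=lambda r: (priority.get(r["segment"], 0), r["host"]))
    return rows


# Constructed sample inventory; hosts and versions are made up for the demo.
SAMPLE_INVENTORY = [
    Asset("eng-ws-01", "RSLinx Classic", "4.50.00", "ot"),
    Asset("eng-ws-02", "RSLinx Classic", "4.60.00", "ot"),
    Asset("hist-srv-01", "RSLinx Classic", "4.9.00", "business"),  # text-sorts after 4.50
    Asset("hmi-03", "RSLinx Classic", "unknown", "ot"),
    Asset("scada-01", "Other vendor software", "13.00.00", "ot"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['host']:<12} {row['version']:<8} {row['segment']:<9} "
              f"{row['status']:<16} {row['action']}")
```

Run against a real export, the same three-state split (affected, unknown, review) is what you want in a ticket: "fixed" rows drop out, and anything the parser cannot read is kept rather than silently treated as safe.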
Published · Deep Fathom