Rockwell Automation fixes multiple DoS flaws in Stratix Switch introduced by Cisco Software

Pierluigi Paganini April 07, 2019

Rockwell Automation released updates for Allen-Bradley Stratix industrial switches that address several DoS flaws introduced by Cisco software.

Rockwell Automation released security updates that address several DoS vulnerabilities in its Allen-Bradley Stratix industrial switches introduced by Cisco software.

ICS-CERT and Rockwell Automation published three separate advisories to warn of the effects of the vulnerabilities introduced by Cisco on Stratix 5400, 5410, 5700, 8000, 8300, 5950, and ArmorStratix 5700 switches.

“Successful exploitation of these vulnerabilities could result in a denial-of-service condition or time synchronization issues across the network via reloading the device, a buffer overflow, or memory exhaustion,” reads the advisory published by ICS-CERT.

The advisory warns of multiple high-severity vulnerabilities related to the Open Shortest Path First version 3 (OSPFv3), web framework, Precision Time Protocol (PTP), IPv6 processing, and Discovery Protocol components of Cisco IOS and IOS XE.

Remote and local authentication attackers could exploit the flaws to trigger a DoS condition by sending specially crafted packets to vulnerable devices.

The ICS-CERT published a separate advisory for a medium-severity flaw that resides in the Cisco Network Plug and Play agent. The vulnerability could be exploited by a remote and unauthenticated attacker to cause a device to reload by sending invalid data to the agent.

Rockwell Automation addressed the vulnerabilities with the release of versions 15.2(6)E2a, 15.2(6)E0a, and 15.2(4)EA7, while Cisco released security patches back in September 2018.

“Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a memory leak on an affected device, which may cause the device to reload,” reads the advisory published by the ICS-CERT.

The ICS-CERT published a third advisory for a high-severity vulnerability that Rockwell has yet to address, while Cisco addressed the flaw in September 2018. This vulnerability can be exploited by a remote and unauthenticated attacker to cause a device to reload by sending it malicious IPsec packets.

The flaw affects the IPsec feature of the Stratix 5950 security appliance, which is disabled by default.

“Successful exploitation of this vulnerability could allow a remote attacker to cause an affected device to reload,” reads the advisory.

As a temporary mitigation, the company recommends avoiding the use of any IPsec VPN connections.
