Rockwell Fixes DoS, Memory Issues
Thursday, October 13, 2016 @ 05:10 PM gHale
Rockwell Automation created new versions of its Allen-Bradley Stratix industrial switches after reports surfaced that several vulnerabilities in Cisco’s semi-annual Cisco IOS and IOS XE Software Security Advisory Bundled Publication could affect the product, according to a report with ICS-CERT.
These vulnerabilities are remotely exploitable.
The following Rockwell Automation Allen-Bradley Stratix industrial switches suffer from the issues:
• Allen-Bradley Stratix 5400 Industrial Ethernet Switches versions 15.2(4)EA3 and earlier
• Allen-Bradley Stratix 5410 Industrial Distribution Switches versions 15.2(4)EA3 and earlier
• Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches versions 15.2(4)EA3 and earlier
• Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches versions 15.2(4)EA3 and earlier
• Allen-Bradley ArmorStratix 5700 Industrial Managed Ethernet Switches versions 15.2(4)EA3 and earlier
An attacker who successfully exploits these vulnerabilities may be able to affect the availability of the affected products via memory exhaustion, module restart, information corruption, or information exposure.
Rockwell Automation, which is a Milwaukee, WI-based company, provides industrial automation control and information products worldwide across a wide range of industries.
The affected products, Allen-Bradley Stratix products, are industrial Ethernet switches. The Allen-Bradley Stratix switches see action across several sectors including critical manufacturing, energy, and water and wastewater systems. Rockwell Automation said these products see use on a global basis.
In one vulnerability, information obtained from an error log message, displayed when a remote connection to the device fails, could be used to authenticate to the targeted device to cause a denial-of-service condition.
CVE-2016-6393 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.
In terms of improper input validation, there are several ways a maliciously crafted packet may cause the affected device to restart.
CVE-2016-6382 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.
In addition, an attacker could cause the device to reload or corrupt the information in the local DNS cache by intercepting and crafting a response message.
CVE-2016-6380 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.9.
Also, specially crafted packets sent to Port 4786/TCP could cause a memory leak that may result in a denial-of-service condition.
CVE-2016-6385 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.
No known public exploits specifically target these vulnerabilities. However, an attacker with low to medium skills would be able to exploit these vulnerabilities.
Rockwell Automation encourages users of affected versions of these Stratix products to update to the latest available software versions, which address the associated risk and include improvements to further harden the software and enhance its resilience against similar malicious attacks. Users can find the latest firmware version by selecting their device at this web site.
Additional precautions and risk mitigation strategies specific to these types of attacks are recommended in the Rockwell Automation security release. When possible, multiple strategies should be implemented simultaneously.
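To decide which switches need the update, an asset inventory can be checked against the affected list above. The following is an added example, not code from Rockwell Automation or ICS-CERT: it assumes version strings of the form `15.2(4)EA3`, compares only within the same release train, and uses constructed inventory rows and hypothetical function names.

```python
import re

# Affected families and last affected version, taken from the advisory text above.
AFFECTED_MODELS = ("5400", "5410", "5700", "8000")
LAST_AFFECTED = "15.2(4)EA3"

# Assumed format: major.minor(maintenance)TRAIN[rebuild], e.g. 15.2(4)EA3.
_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)\)([A-Z]+)(\d*)$")

def parse_version(text):
    """Return (train, (major, minor, maintenance, rebuild)) or None."""
    m = _VERSION.match(text.strip())
    if not m:
        return None
    major, minor, maint, train, rebuild = m.groups()
    return train, (int(major), int(minor), int(maint), int(rebuild or 0))

def classify(model, version):
    """Return 'affected', 'above-range', 'review' or 'out-of-scope'."""
    if "stratix" not in model.lower() or not any(n in model for n in AFFECTED_MODELS):
        return "out-of-scope"
    parsed = parse_version(version)
    ceiling = parse_version(LAST_AFFECTED)
    # Unparsable strings and other release trains are not ordered here:
    # they go to a person rather than being silently cleared.
    if parsed is None or parsed[0] != ceiling[0]:
        return "review"
    return "affected" if parsed[1] <= ceiling[1] else "above-range"

# Constructed inventory rows (not from the advisory).
INVENTORY = [
    ("Stratix 5700", "15.2(4)EA3"),
    ("ArmorStratix 5700", "15.2(3)EA1"),
    ("Stratix 5400", "15.2(5)EA"),
    ("Stratix 8000", "15.2(4)EA4"),
    ("Stratix 5410", "unknown"),
    ("Lab switch X1", "15.2(4)EA3"),
]

def triage(rows=INVENTORY):
    """Map each (model, version) row to its classification."""
    return {(m, v): classify(m, v) for m, v in rows}

if __name__ == "__main__":
    for (model, version), status in triage().items():
        print(f"{model:20} {version:12} {status}")
```

A result of `above-range` only means the version is later than 15.2(4)EA3 in the same train; confirm the fixed release for each device against the vendor's download page.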