Rockwell Fixes Switch Vulnerability

Thursday, June 23, 2016 @ 04:06 PM gHale


Rockwell Automation created a new firmware version to mitigate a resource management vulnerability in its Allen-Bradley Stratix 5400 and Allen-Bradley Stratix 5410 industrial networking switches, according to a report on ICS-CERT.

Rockwell identified the remotely exploitable issue.

RELATED STORIES
Advantech Clears ActiveX Holes
Schneider Fixes XSS Vulnerability
Moxa Fixes Switch Vulnerability
OSIsoft Fixes Input Validation Hole

The following Stratix industrial switches suffer from the issue:
• Allen-Bradley Stratix 5400 Industrial Ethernet Switch, firmware Versions 15.2(2)EA1, 15.2(2)EA2
• Allen-Bradley Stratix 5410 Industrial Distribution Switch, firmware Versions 15.2(2)EB

Successful exploitation of this vulnerability may allow a remote attacker to impact traffic (or packets) transiting the affected device.

Rockwell Automation, which is a Milwaukee, WI-based automation giant, provides industrial automation control and information products worldwide across a wide range of industries.

The affected products, Allen-Bradley Stratix 5400 and 5410, are industrial switches. The Allen-Bradley Stratix 5400 and 5410 switches see action across several sectors including critical manufacturing, energy, and water and wastewater systems.

These products see use on a global basis.

The vulnerability is due to improper processing of some Internet Control Message Protocol (ICMP) IPv4 packets. An attacker could exploit this vulnerability by sending ICMP IPv4 packets to an affected device allowing an attacker to corrupt the packet waiting for transmission.

CVE-2016-1399 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.8.

No known public exploits specifically target this vulnerability However, an attacker with low skill would be able to exploit this vulnerability.

The identified vulnerability was originally reported by Cisco to impact the Cisco Industrial Ethernet 4000 Series and 5000 Series switches. Rockwell Automation determined the vulnerability also impacts the Stratix 5400 Industrial Ethernet Switches and the Allen-Bradley Stratix 5410 Industrial Distribution Switches, which contain affected versions of the Cisco IOS firmware. In response to the vulnerability, Rockwell Automation released a new version of the Allen-Bradley Stratix 5400 and Allen-Bradley Stratix 5410 firmware, Version 15.2(4)EA3, which addresses the vulnerability. Rockwell encourages asset owners to upgrade to the newest available versions.

Click here to download Rockwell Automation’s new firmware version, Version 15.2(4)EA3, for the Allen-Bradley Stratix 5400 Industrial Ethernet Switches (Series A) and the Allen-Bradley Stratix 5410 Industrial Distribution Switches (Series A).

To determine if Allen-Bradley Stratix 5400 or Allen-Bradley Stratix 5410 switches are using vulnerable firmware, please refer to Rockwell Automation’s Knowledgebase article, KB866255: Upgrading or Verifying Stratix Firmware.