Sixnet Switches get Fix

Thursday, February 23, 2017 @ 04:02 PM gHale


Red Lion Controls and AutomationDirect released new firmware to fix a use-of-hard-coded-cryptographic-keys vulnerability in the Sixnet-Managed Industrial Switches and STRIDE-Managed Ethernet Switches, according to an ICS-CERT advisory.

Successful exploitation of the hard-coded cryptographic key vulnerability could result in loss of data confidentiality, integrity, and availability. Mark Cross of RIoT Solutions identified the remotely exploitable vulnerability.


Vulnerable versions of the STRIDE-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded SSL (HTTPS) and SSH keys for their secure management interfaces. Because users cannot regenerate these keys, every unit ships with the same key: a key recovered from any one device, or from the firmware image, lets an attacker impersonate or intercept the HTTPS and SSH management sessions of every other device. The attacker could disrupt communication or compromise the system.
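The practical check for this class of bug is to look for the symptom rather than the key: if two or more devices on the network present the same SSH host key or the same HTTPS certificate, the key was not generated per device. The following fleet audit is an added example, not code from ICS-CERT, Red Lion Controls or AutomationDirect. It assumes input in `ssh-keyscan` format ("host keytype base64blob") plus hand-built "host tls <sha256 fingerprint>" lines taken from `openssl x509 -fingerprint -sha256`; all hostnames and key material in it are constructed.

```python
"""Fleet audit for shared (factory hard-coded) SSH host keys and TLS certificates.

Added example; not code from ICS-CERT, Red Lion Controls or AutomationDirect.
Assumed input: one line per device, either an `ssh-keyscan` line
("host keytype base64blob") or a hand-built "host tls <sha256 fingerprint>"
line taken from `openssl x509 -fingerprint -sha256`. All hosts and key
material below are constructed for the example.
"""
import base64
import hashlib
import struct
from collections import defaultdict


def ssh_wire_blob(key_type: str, key_bytes: bytes) -> bytes:
    """Build an OpenSSH public-key blob: uint32-length-prefixed type string and key material."""
    return (struct.pack(">I", len(key_type)) + key_type.encode()
            + struct.pack(">I", len(key_bytes)) + key_bytes)


def ssh_fingerprint(b64_blob: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64(sha256(blob)) with '=' padding removed."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def tls_fingerprint_hex(der_bytes: bytes) -> str:
    """Colon-separated SHA-256 of a DER certificate, as `openssl x509 -fingerprint -sha256` prints it."""
    h = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def parse_scan_line(line: str):
    """Return (host, kind, fingerprint) for one scan line, or None for blank/comment/unknown lines."""
    parts = line.split()
    if len(parts) < 3 or parts[0].startswith("#"):
        return None
    host, kind, material = parts[:3]
    if kind == "tls":
        return host, "tls", material.upper()
    if kind.startswith(("ssh-", "ecdsa-sha2-")):
        return host, kind, ssh_fingerprint(material)
    return None


def find_shared_keys(lines):
    """Group hosts by (key kind, fingerprint) and return only groups shared by two or more hosts.

    Every entry in the result is a key that was not generated per device: a hard-coded
    factory key, a cloned image, or a restored backup. Each one is a finding to chase.
    """
    groups = defaultdict(set)
    for line in lines:
        parsed = parse_scan_line(line)
        if parsed:
            host, kind, fp = parsed
            groups[(kind, fp)].add(host)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


# Constructed fleet: three switches still on the factory SSH key, one re-keyed;
# two of them also present the same TLS certificate on their web interface.
FACTORY_SSH = base64.b64encode(ssh_wire_blob("ssh-ed25519", b"\x11" * 32)).decode()
UNIQUE_SSH = base64.b64encode(ssh_wire_blob("ssh-ed25519", b"\x22" * 32)).decode()
FACTORY_TLS = tls_fingerprint_hex(b"constructed factory certificate")
UNIQUE_TLS = tls_fingerprint_hex(b"constructed per-device certificate")

SAMPLE_SCAN = [
    "# ssh-keyscan -t ed25519 output plus tls lines, constructed for this example",
    f"sw-line1-01 ssh-ed25519 {FACTORY_SSH}",
    f"sw-line1-02 ssh-ed25519 {FACTORY_SSH}",
    f"sw-line2-01 ssh-ed25519 {FACTORY_SSH}",
    f"sw-line2-02 ssh-ed25519 {UNIQUE_SSH}",
    f"sw-line1-01 tls {FACTORY_TLS}",
    f"sw-line1-02 tls {FACTORY_TLS}",
    f"sw-line2-01 tls {UNIQUE_TLS}",
]

if __name__ == "__main__":
    for (kind, fp), hosts in find_shared_keys(SAMPLE_SCAN).items():
        print(f"{kind} {fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

To run it against real switches, collect the SSH lines with `ssh-keyscan -t rsa,ecdsa,ed25519 <host>` and the HTTPS lines with `openssl s_client -connect <host>:443 </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256`, prefixing each certificate fingerprint with the host and the word `tls`. One caveat worth planning for: if the fixed firmware replaces the shared key with a per-device one, every pinned `known_hosts` entry and certificate pin for those switches will change after the update, so treat the resulting host-key warnings as expected and verify the new fingerprints rather than re-accepting them blindly.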

CVE-2017-9335 is the identifier assigned to this vulnerability, which has a CVSS v3 base score of 10.0.

The products are deployed in the critical manufacturing sector, worldwide.

No known public exploits specifically target this vulnerability; however, exploiting it requires only a low skill level.

The following Red Lion Controls Sixnet-Managed Industrial Switches suffer from the issue:
• Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and prior.

The following AutomationDirect STRIDE-Managed Ethernet Switch models, manufactured by Red Lion Controls, suffer from the vulnerability:
• Stride-Managed Ethernet Switches running firmware Version 5.0.190 and prior.

Red Lion Controls released SLX firmware Version 5.3.174 to address the hard-coded cryptographic keys issue and recommends updating to it.

AutomationDirect recommends updating to STRIDE Managed Ethernet firmware Version 5.3.174.
