19 April 2018
Vulnerabilities in Rockwell Automation industrial networking solutions
Critical vulnerabilities have been identified in several Rockwell Automation industrial networking devices. These devices run versions of Cisco IOS or IOS XE that contain multiple vulnerabilities.
The vulnerabilities affect the following devices:
- industrial switches: Allen-Bradley Stratix Industrial Managed Ethernet Switch (versions 15.2(4a)EA5 and earlier);
- industrial switches: Allen-Bradley Stratix series 5400, 5410, 5700, 8000, and ArmorStratix Switches 5700;
- services router: Allen-Bradley Stratix 5900 Services Router (versions 15.6.3M1 and earlier).
Cisco IOS and IOS XE vulnerabilities that affect the above solutions include:
- CVE-2018-0171 and CVE-2018-0156 – vulnerabilities in Cisco Smart Install Client software;
- CVE-2018-0172, CVE-2018-0173 and CVE-2018-0174 – vulnerabilities in the handling of DHCP option 82;
- CVE-2018-0158 – improper input validation vulnerability in the Internet Key Exchange Version 2 (IKEv2) module;
- CVE-2018-0167 (buffer overflow) and CVE-2018-0175 (format string) – vulnerabilities in the LLDP subsystem;
- CVE-2018-0151 – vulnerability in the QoS subsystem;
- CVE-2018-0155 – vulnerability in the implementation of Bidirectional Forwarding Detection (BFD).
CVSS v3 scores ranging from 8.6 to 9.8 have been calculated for these vulnerabilities.
Successful exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to restart the device, causing a temporary denial-of-service condition. In addition, some of the vulnerabilities could be exploited to execute arbitrary code with elevated privileges.
Source: ICS-CERT