19 April 2018

Vulnerabilities in Rockwell Automation industrial networking solutions

Critical vulnerabilities have been identified in several Rockwell Automation industrial networking devices. The issue is due to Cisco IOS or IOS XE versions with multiple vulnerabilities being used in these devices.

The vulnerabilities affect the following devices:

Cisco IOS and IOS XE vulnerabilities that affect the above solutions include:

CVSS v.3 scores of 8.6 to 9.8 have been calculated for these vulnerabilities.

Successful exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to restart the device, causing a temporary denial-of-service condition. In addition, some of the vulnerabilities could be exploited to execute arbitrary code with elevated privileges.

Source: ICS-CERT