09 July 2018

Multiple vulnerabilities in Allen-Bradley Stratix 5950 appliances

Multiple vulnerabilities have been identified in Rockwell Automation’s Allen-Bradley Stratix 5950 network security appliances. Successful exploitation of these vulnerabilities could allow attackers to circumvent the certificate verification procedure to connect to a target device or cause it to malfunction.

The issues stem from vulnerabilities in the Cisco Adaptive Security Appliance (Cisco ASA) operating system, which is used in Allen-Bradley Stratix 5950 solutions. The vulnerabilities affect the following Allen-Bradley Stratix 5950 models running Cisco ASA version 9.6.2 or earlier:

  • 1783-SAD4T0SBK9;
  • 1783-SAD4T0SPK9;
  • 1783-SAD2T2SBK9;
  • 1783-SAD2T2SPK9.

Critical issues (CVSS v.3 base score 8.6) include DoS vulnerabilities that can be exploited by remote unauthorized attackers to cause an affected device to malfunction.

One of these vulnerabilities (CVE-2018-0228) is due to the incorrect implementation of the ingress flow creation functionality and could allow an unauthenticated threat actor to cause CPU utilization to increase to 100%. Two other flaws (CVE-2018-0231 and CVE-2018-0240) are associated with the Cisco ASA Transport Layer Security (TLS) library and Cisco Firepower Threat Defense (FTD), respectively, and either could trigger a reload of an affected device.

A vulnerability in the web interface of Cisco ASA (CVE-2018-0296) could also lead to an unexpected reload of an affected device and a denial-of-service condition. On some software releases, the ASA may not reload, but a threat actor could view sensitive system information without authentication.

Additionally, a vulnerability (CVE-2018-0227) in the SSL certificate authentication feature could allow an unauthenticated remote threat actor to establish a VPN connection and bypass certain SSL certificate verification steps. A CVSS v.3 base score of 7.5 has been calculated for this vulnerability.

The vendor is developing fixes for the vulnerabilities identified in the firmware of its devices.

Source: ICS-CERT