09 July 2018
Multiple vulnerabilities in Allen-Bradley Stratix 5950 appliances
Multiple vulnerabilities have been identified in Rockwell Automation’s Allen-Bradley Stratix 5950 network security appliances. Successful exploitation of these vulnerabilities could allow attackers to circumvent the certificate verification procedure to connect to a target device or cause it to malfunction.
The issue is due to vulnerabilities in the Cisco Adaptive Security Appliance (Cisco ASA) operating system, which is used in Allen-Bradley Stratix 5950 solutions. The vulnerability affects the following Allen-Bradley Stratix 5950 models running Cisco ASA version 9.6.2 or earlier:
Critical issues (CVSS v.3 base score 8.6) include DoS vulnerabilities that can be exploited by remote unauthorized attackers to cause an affected device to malfunction.
One of these vulnerabilities (CVE-2018-0228) is due to the incorrect implementation of the ingress flow creation functionality and could allow an unauthenticated threat actor to cause CPU utilization to increase to 100%. Two other flaws (CVE-2018-0231 and CVE-2018-0240) are associated with the Cisco ASA Transport Layer Security (TLS) library and Cisco Firepower Threat Defense (FTD) respectively, and could both trigger a reload of an affected device.
A vulnerability in the web interface of Cisco ASA (CVE-2018-0296) could also lead to an unexpected reload of an affected device and a denial-of-service condition. On some software releases, the ASA may not reload, but a threat actor could view sensitive system information without authentication.
Additionally, a vulnerability (CVE-2018-0227) in the SSL certificate authentication feature could allow an unauthenticated remote threat actor to establish a VPN connection and bypass certain SSL certificate verification steps. A CVSS v.3 base score of 7.5 has been calculated for this vulnerability.
The vendor is developing fixes for the vulnerabilities identified in the firmware of its devices.