Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2018-0158 CVE-2018-0151 CVE-2018-0167 CVE-2018-0175 |
CWE-ID | CWE-401 CWE-120 CWE-119 |
Exploitation vector | Network |
Public exploit | Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. Vulnerability #3 is being exploited in the wild. Vulnerability #4 is being exploited in the wild. |
Vulnerable software | Allen-Bradley Stratix 5900 Services Router (Hardware solutions / Routers & switches, VoIP, GSM, etc) |
Vendor | Rockwell Automation |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU11356
Risk: Medium
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-0158
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.
The weakness exists in the Internet Key Exchange Version 2 (IKEv2) module due to incorrect processing of certain IKEv2 packets. A remote attacker can send specially crafted IKEv2 packets, trigger a memory leak and cause the service to crash.
Mitigation
Rockwell Automation also recommends that users implement the following general security guidelines:
- Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.
- Locate control system networks and devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.
Vulnerable software versions
Allen-Bradley Stratix 5900 Services Router: All versions
External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-107-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU11342
Risk: High
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-0151
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition or execute arbitrary code on the target system.
The weakness exists due to a boundary error in packets that are destined for UDP port 18999. A remote attacker can send specially crafted packets, trigger a buffer overflow, cause the service to crash and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
Rockwell Automation also recommends that users implement the following general security guidelines:
- Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.
- Locate control system networks and devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.
Vulnerable software versions
Allen-Bradley Stratix 5900 Services Router: All versions
External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-107-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU11351
Risk: Low
CVSSv3.1: 9.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-0167
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows an adjacent unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges on the target system.
The weakness exists in the LLDP subsystem due to improper error handling of malformed LLDP messages. An adjacent attacker can submit a specially crafted LLDP protocol data unit (PDU), trigger a buffer overflow, cause the service to crash or execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
Rockwell Automation also recommends that users implement the following general security guidelines:
- Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.
- Locate control system networks and devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.
Vulnerable software versions
Allen-Bradley Stratix 5900 Services Router: All versions
External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-107-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU11352
Risk: Low
CVSSv3.1: 9.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-0175
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows an adjacent unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges on the target system.
The weakness exists in the LLDP subsystem due to improper handling of certain fields in an LLDP message. An adjacent attacker can submit a specially crafted LLDP PDU, trick the victim into executing a specific show command in the CLI, trigger memory corruption, cause the service to crash or execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
Rockwell Automation also recommends that users implement the following general security guidelines:
- Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.
- Locate control system networks and devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.
Vulnerable software versions
Allen-Bradley Stratix 5900 Services Router: All versions
External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-107-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.