Multiple vulnerabilities in Rockwell Automation Stratix and ArmorStratix Switches
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2018-0171 CVE-2018-0156 CVE-2018-0174 CVE-2018-0172 CVE-2018-0173 CVE-2018-0158 CVE-2018-0167 CVE-2018-0175 |
| CWE-ID | CWE-120 CWE-20 CWE-122 CWE-401 CWE-119 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. Vulnerability #3 is being exploited in the wild. Vulnerability #4 is being exploited in the wild. Vulnerability #5 is being exploited in the wild. Vulnerability #6 is being exploited in the wild. Vulnerability #7 is being exploited in the wild. Vulnerability #8 is being exploited in the wild. |
| Vulnerable software Subscribe |
Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Allen-Bradley Stratix 5410 Industrial Distribution Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Allen-Bradley Stratix 5400 Industrial Ethernet Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Allen-Bradley ArmorStratix 5700 Industrial Managed Ethernet Switches Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor |
Rockwell Automation |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU11336
Risk: High
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-0171
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in the Smart Install feature due to improper validation of packet data. A remote attacker can trigger buffer overflow, cause the service to crash and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 15.2(6)E1.
Vulnerable software versionsAllen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley ArmorStratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4
:
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Improper input validation
EUVDB-ID: #VU11337
Risk: Medium
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-0156
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the Smart Install feature due to improper validation of packet data. A remote attacker can send a specially crafted packet to an affected device on TCP port 4786 and cause the service to crash.
Update to version 15.2(6)E1.
Vulnerable software versionsAllen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley ArmorStratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4
:
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
3) Improper input validation
EUVDB-ID: #VU11361
Risk: Medium
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-0174
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the DHCP option 82 encapsulation functionality due to incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. A remote attacker can send a specially crafted DHCPv4 packet and cause the service to crash.
Update to version 15.2(6)E1.
Vulnerable software versionsAllen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley ArmorStratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4
:
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
4) Heap-based buffer overflow
EUVDB-ID: #VU11363
Risk: Medium
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-0172
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the DHCP option 82 encapsulation functionality due to incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. A remote attacker can send a specially crafted DHCPv4 packet, trigger heap overflow and cause the service to crash.
Update to version 15.2(6)E1.
Vulnerable software versionsAllen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley ArmorStratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4
:
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
5) Improper input validation
EUVDB-ID: #VU11362
Risk: Medium
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-0173
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets due to incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. A remote attacker can send a specially crafted DHCPv4 packet and cause the service to crash.
Update to version 15.2(6)E1.
Vulnerable software versionsAllen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley ArmorStratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4
:
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
6) Memory leak
EUVDB-ID: #VU11356
Risk: Medium
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-0158
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the Internet Key Exchange Version 2 (IKEv2) module due to incorrect processing of certain IKEv2 packets. A remote attacker can send specially crafted IKEv2 packets, trigger memory leak and cause the service to crash.
Update to version 15.2(6)E1.
Vulnerable software versionsAllen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley ArmorStratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4
:
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
7) Buffer overflow
EUVDB-ID: #VU11351
Risk: Low
CVSSv3.1: 9.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-0167
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows an adjacent unauthenticated attacker to cause DoS condition or execute arbitrary code with elevated privileges on the target system.
The weakness exists in the LLDP subsystem due to improper error handling of malformed LLDP messages. An adjacent attacker can submit a specially crafted LLDP protocol data unit (PDU), trigger buffer overflow, cause the service to crash or execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 15.2(6)E1.
Vulnerable software versionsAllen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley ArmorStratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4
:
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
8) Memory corruption
EUVDB-ID: #VU11352
Risk: Low
CVSSv3.1: 9.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-0175
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows an adjacent unauthenticated attacker to cause DoS condition or execute arbitrary code with elevated privileges on the target system.
The weakness exists in the LLDP subsystem due to improper handling of certain fields in an LLDP message. An adjacent attacker can submit a specially crafted LLDP PDU, trick the victim into executing a specific show command in the CLI, trigger memory corruption, cause the service to crash or execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 15.2(6)E1.
Vulnerable software versionsAllen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(5)EA.fc4 - 15.2(6)E0a
Allen-Bradley ArmorStratix 5700 Industrial Managed Ethernet Switches: 15.2(5)EA.fc4
:
External linkshttp://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
