Multiple vulnerabilities in Rockwell Automation Allen-Bradley Stratix 5950



Published: 2018-07-04
Risk: Medium
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2018-0228, CVE-2018-0227, CVE-2018-0231, CVE-2018-0240, CVE-2018-0296
CWE-ID: CWE-400, CWE-295, CWE-124, CWE-840, CWE-23
Exploitation vector: Network
Public exploit: Vulnerability #5 is being exploited in the wild.
Vulnerable software
Allen-Bradley Stratix 5950 1783-SAD2T2SPK9
Hardware solutions / Routers & switches, VoIP, GSM, etc

Allen-Bradley Stratix 5950 1783-SAD2T2SBK9
Hardware solutions / Routers & switches, VoIP, GSM, etc

Allen-Bradley Stratix 5950 1783-SAD4T0SPK9
Hardware solutions / Routers & switches, VoIP, GSM, etc

Allen-Bradley Stratix 5950 1783-SAD4T0SBK9
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Rockwell Automation

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU12091

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0228

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the ingress flow creation functionality due to incorrect handling of an internal software lock that can prevent other system processes from getting CPU cycles, causing a high CPU condition. A remote attacker can send a steady stream of malicious IP packets that can cause connections to be created, exhaust CPU resources and cause the service to crash.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Allen-Bradley Stratix 5950 1783-SAD2T2SPK9: All versions

Allen-Bradley Stratix 5950 1783-SAD2T2SBK9: All versions

Allen-Bradley Stratix 5950 1783-SAD4T0SPK9: All versions

Allen-Bradley Stratix 5950 1783-SAD4T0SBK9: All versions

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-184-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper certificate validation

EUVDB-ID: #VU12092

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0227

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature due to incorrect verification of the SSL Client Certificate. A remote attacker can connect to the ASA VPN without a proper private key and certificate pair, establish an SSL VPN connection to the ASA when the connection should have been rejected and bypass certain SSL certificate verification steps.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Allen-Bradley Stratix 5950 1783-SAD2T2SPK9: All versions

Allen-Bradley Stratix 5950 1783-SAD2T2SBK9: All versions

Allen-Bradley Stratix 5950 1783-SAD4T0SPK9: All versions

Allen-Bradley Stratix 5950 1783-SAD4T0SBK9: All versions

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-184-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer underflow

EUVDB-ID: #VU12090

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0231

CWE-ID: CWE-124 - Buffer Underwrite ('Buffer Underflow')

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Transport Layer Security (TLS) library due to insufficient validation of user-supplied input. A remote attacker can send a malicious TLS message to an interface enabled for Secure Sockets Layer (SSL) service, trigger a buffer underflow and cause the service to crash.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Allen-Bradley Stratix 5950 1783-SAD2T2SPK9: All versions

Allen-Bradley Stratix 5950 1783-SAD2T2SBK9: All versions

Allen-Bradley Stratix 5950 1783-SAD4T0SPK9: All versions

Allen-Bradley Stratix 5950 1783-SAD4T0SBK9: All versions

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-184-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Business logic errors

EUVDB-ID: #VU12089

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0240

CWE-ID: CWE-840 - Business Logic Errors (3.0)

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Application Layer Protocol Inspection feature due to logical errors during traffic inspection. A remote attacker can send a high volume of malicious traffic, trigger a deadlock condition and cause the service to crash.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Allen-Bradley Stratix 5950 1783-SAD2T2SPK9: All versions

Allen-Bradley Stratix 5950 1783-SAD2T2SBK9: All versions

Allen-Bradley Stratix 5950 1783-SAD4T0SPK9: All versions

Allen-Bradley Stratix 5950 1783-SAD4T0SBK9: All versions

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-184-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Path traversal

EUVDB-ID: #VU13246

Risk: Medium

CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0296

CWE-ID: CWE-23 - Relative Path Traversal

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists in the web interface of the Cisco Adaptive Security Appliance (ASA) due to a lack of proper input validation of the HTTP URL. A remote attacker can send a specially crafted HTTP request and cause the device to reload unexpectedly, or read the contents of arbitrary files on the system using directory traversal sequences.

Mitigation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Allen-Bradley Stratix 5950 1783-SAD2T2SPK9: All versions

Allen-Bradley Stratix 5950 1783-SAD2T2SBK9: All versions

Allen-Bradley Stratix 5950 1783-SAD4T0SPK9: All versions

Allen-Bradley Stratix 5950 1783-SAD4T0SBK9: All versions

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-184-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


