SB2018070402 - Multiple vulnerabilities in Rockwell Automation Allen-Bradley Stratix 5950



Published: July 4, 2018

Security Bulletin ID: SB2018070402
Severity: Medium
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium 20% Low 80%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2018-0228)

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the ingress flow creation functionality due to incorrect handling of an internal software lock that can prevent other system processes from getting CPU cycles, causing a high CPU condition. A remote attacker can send a steady stream of malicious IP packets that can cause connections to be created, exhaust CPU resources and cause the service to crash.

2) Improper certificate validation (CVE-ID: CVE-2018-0227)

The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature due to incorrect verification of the SSL Client Certificate. A remote attacker can connect to the ASA VPN without a proper private key and certificate pair, establish an SSL VPN connection to the ASA when the connection should have been rejected and bypass certain SSL certificate verification steps.

3) Buffer underflow (CVE-ID: CVE-2018-0231)

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Transport Layer Security (TLS) library due to insufficient validation of user-supplied input. A remote attacker can send a malicious TLS message to an interface enabled for Secure Sockets Layer (SSL) service, trigger a buffer underflow and cause the service to crash.


4) Business logic errors (CVE-ID: CVE-2018-0240)

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Application Layer Protocol Inspection feature due to logical errors during traffic inspection. A remote attacker can send a high volume of malicious traffic, trigger a deadlock condition and cause the service to crash.

5) Path traversal (CVE-ID: CVE-2018-0296)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists in the web interface of the Cisco Adaptive Security Appliance (ASA) due to lack of proper input validation of the HTTP URL. A remote attacker can send a specially crafted HTTP request and cause the device to reload unexpectedly or read the contents of arbitrary files on the system using directory traversal sequences.


Remediation

Install the update from the vendor's website.