Rockwell Automation Stratix 5900
CVSS v3 10.0
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Rockwell Automation
Equipment: Stratix 5900
Vulnerabilities: Improper Input Validation, Resource Management Errors, Improper Authentication, Path Traversal.
REPOSTED INFORMATION
This advisory was originally posted to the NCCIC Portal on April 4, 2017, and is being released to the NCCIC/ICS-CERT web site.
AFFECTED PRODUCTS
Rockwell Automation reports that these vulnerabilities affect the following Stratix 5900 Services Routers:
- Stratix 5900, All Versions prior to 15.6.3.
IMPACT
An attacker who exploits these vulnerabilities may be able to perform man-in-the-middle attacks, create denial of service conditions, or remotely execute arbitrary code.
MITIGATION
Rockwell Automation has provided a new firmware version, Version 15.6.3, to mitigate these vulnerabilities.
Rockwell Automation encourages users of the affected versions to update to the latest available software versions addressing the associated risk, and including improvements to further harden the software and enhance its resilience against similar malicious attacks. Users can find the latest firmware version by searching for their device at the following web site:
http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=15
Additional precautions and risk mitigation strategies specific to these types of attacks are recommended in the Rockwell Automation security release. When possible, multiple strategies should be implemented simultaneously.
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1041191
Please also refer to Cisco’s security advisories (linked below) for additional workarounds and details for these vulnerabilities.
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS‑CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.
VULNERABILITY OVERVIEW
Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability.
CVE-2016-6380 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H).
Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability.
CVE-2016-6393 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H).
Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability.
CVE-2016-6384 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
CVE-2016-6381 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities.
CVE-2016-6382 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products.
CVE-2016-6415 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability.
CVE-2016-1409 has been assigned to this vulnerability. A CVSS v3 base score of 5.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L).
CVE-2016-1350 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
CVE-2016-1344 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).
INTEGER OVERFLOW OR WRAPAROUND CWE 190
IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
IMPROPER INPUT VALIDATION CWE-20
PATH TRAVERSAL CWE-22
PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264
IMPROPER AUTHENTICATION CWE-287
RESOURCE MANAGEMENT ERRORS CWE 399
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015.
CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, and CVE-2015-7871 have been assigned to these vulnerabilities. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L).
Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products.
CVE-2015-1798 and CVE-2015-1799 have been assigned to this vulnerability. A CVSS v3 base score of 5.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).
CVE-2015-0642 and CVE-2015-0643 have been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability.
CVE-2015-0646 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
IMPROPER INPUT VALIDATION CWE-20
CRYPTOGRAPHIC ISSUES CWE 310
Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products.
CVE-2015-0207, CVE-2015-0209, CVE-2015-0285, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, and CVE-2015-1787 have been assigned to these vulnerabilities. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N).
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability.
CVE-2014-3566 has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N).
Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability.
CVE-2014-3359 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software Metadata Vulnerabilities.
CVE-2014-3355 and CVE-2014-3356 have been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software Network Address Translation Denial of Service Vulnerability.
CVE-2014-3361 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software RSVP Vulnerability.
CVE-2014-3354 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability.
CVE-2014-3360 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software IPsec Denial of Service Vulnerability.
CVE-2014-3299 has been assigned to this vulnerability. A CVSS v3 base score of 7.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
CRYPTOGRAPHIC ISSUES CWE-310
RACE CONDITION CWE-362
IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
RESOURCE MANAGEMENT ERRORS CWE-399
NULL POINTER DEREFERENCE CWE-476
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products.
CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, and CVE-2014-3470 have been assigned to these vulnerabilities. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability.
CVE-2014-2113 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability.
CVE-2014-2108 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software Network Address Translation Vulnerabilities.
CVE-2014-2109 and CVE-2014-2111 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability.
CVE-2014-2106 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software SSL VPN Denial of Service Vulnerability.
CVE-2014-2112 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
RESEARCHER
Cisco Systems, Inc. reported these vulnerabilities to Rockwell Automation.
BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Systems
Area Deployed: Worldwide
Company Headquarters Location: United States
This product is provided subject to this Notification and this Privacy & Use policy.
Vendor
- Rockwell Automation