Rockwell Automation Claims Cisco IOS Vulnerability Affects Its Industrial Switch
According to SecurityAffairs reported on the 19th, Rockwell Automation issued a warning that due to security vulnerabilities in Cisco IOS, its Allen-Bradley Stratix and ArmorStratix industrial switches may be subject to hackers. According to Rockwell Automation, the eight vulnerabilities recently discovered in Cisco IOS have affected its use in many areas, including key manufacturing and energy.
The list of vulnerabilities includes incorrect input validation, resource management errors, 7PK errors, and improper restrictions on operations within the memory buffer. And use an externally controlled format string. According to the security bulletin issued by the US ICS-CERT, these vulnerabilities may cause problems due to memory exhaustion, module reboot, information destruction, and information leakage.
The currently affected models are Stratix 5400, 5410, 5700, 8000, and Armor Stratix 5700 switches running firmware version 15.2(6)E0a or earlier.
The most serious vulnerability is the Cisco CVE-2018-0171 Smart Install, which is a defect that affects the intelligent installation features of Cisco IOS Software and Cisco IOS XE Software, and unauthenticated remote attackers may use the security vulnerability to reload The attacked device or execute arbitrary code on the affected device. A few weeks ago, the hacking team “JHT” used the Cisco CVE-2018-0171 vulnerability to launch a cyber attack against Russia and Iran’s cyber infrastructure.
Rockwell currently releases firmware version 15.2(6)E1 to address vulnerabilities in its switches. In addition to upgrading software releases, Rockwell Automation also provided mitigation measures. Cisco released new Snort rules on the official website to help address the following vulnerabilities:
CVE-2018-0171 – Snort Rule 46096 and 46097
CVE-2018-0156 – Snort Rule 41725
CVE-2018-0174 – Snort Rule 46120
CVE-2018-0172 – Snort Rule 46104
CVE-2018-0173 – Snort Rule 46119
CVE-2018-0158 – Snort Rule 46110