SB2018041802 - Multiple vulnerabilities in Rockwell Automation Stratix and ArmorStratix Switches
Published: April 18, 2018 Updated: February 1, 2023
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2018-0171)
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition or execute arbitrary code on the target system.
The weakness exists in the Smart Install feature due to improper validation of packet data. A remote attacker can trigger a buffer overflow, cause the service to crash and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
2) Improper input validation (CVE-ID: CVE-2018-0156)
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system. The weakness exists in the Smart Install feature due to improper validation of packet data. A remote attacker can send a specially crafted packet to an affected device on TCP port 4786 and cause the service to crash.
3) Improper input validation (CVE-ID: CVE-2018-0174)
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system. The weakness exists in the DHCP option 82 encapsulation functionality due to incomplete input validation of the option 82 information it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. A remote attacker can send a specially crafted DHCPv4 packet and cause the service to crash.
4) Heap-based buffer overflow (CVE-ID: CVE-2018-0172)
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system. The weakness exists in the DHCP option 82 encapsulation functionality due to incomplete input validation of the option 82 information it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. A remote attacker can send a specially crafted DHCPv4 packet, trigger a heap overflow and cause the service to crash.
5) Improper input validation (CVE-ID: CVE-2018-0173)
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system. The weakness exists in the function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets due to incomplete input validation of the encapsulated option 82 information it receives in DHCPOFFER messages from DHCPv4 servers. A remote attacker can send a specially crafted DHCPv4 packet and cause the service to crash.
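Issues 3 to 5 all stem from option 82 (Relay Agent Information, RFC 3046) being accepted without complete length checks. The following is an added illustration, not code from this bulletin or from the vendor, of what a bounds-checked relay-agent parser looks like: every sub-option length is validated against the enclosing option before any data is copied, and a sub-option that claims more bytes than its container holds is rejected rather than read past the buffer. The sample packets and the sub-option names are constructed for the example.

```python
OPT_PAD, OPT_END, OPT_RELAY_AGENT = 0, 255, 82
SUBOPT_NAMES = {1: "circuit_id", 2: "remote_id"}  # RFC 3046 sub-option codes

def parse_option82(data: bytes) -> dict:
    """Split an option 82 payload into sub-options; reject lengths that run past it."""
    subs, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated sub-option header in option 82")
        code, length = data[pos], data[pos + 1]
        end = pos + 2 + length
        if end > len(data):
            raise ValueError(f"sub-option {code} length {length} exceeds option 82")
        subs[SUBOPT_NAMES.get(code, code)] = data[pos + 2:end]
        pos = end
    return subs

def parse_dhcp_options(options: bytes) -> dict:
    """Walk the TLV option area after the DHCP magic cookie; option 82 is parsed."""
    out, pos = {}, 0
    while pos < len(options):
        code = options[pos]
        if code == OPT_PAD:
            pos += 1
            continue
        if code == OPT_END:
            break
        if pos + 2 > len(options):
            raise ValueError("truncated option header")
        length = options[pos + 1]
        value = options[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} length {length} exceeds packet")
        out[code] = parse_option82(value) if code == OPT_RELAY_AGENT else value
        pos += 2 + length
    return out

def relay_info_is_valid(options: bytes) -> bool:
    """True when the option area, including any option 82, parses cleanly."""
    try:
        parse_dhcp_options(options)
        return True
    except ValueError:
        return False

# Constructed sample: DHCPDISCOVER (option 53 = 1) plus a relay-agent option
# carrying circuit-id "eth0/1" and remote-id "sw1", then the end option.
GOOD = bytes([53, 1, 1, 82, 13, 1, 6]) + b"eth0/1" + bytes([2, 3]) + b"sw1" + bytes([255])
# Constructed malformed sample: the inner sub-option claims 200 bytes inside
# an 8-byte option 82, an inconsistency a relay-agent parser must reject.
BAD = bytes([53, 1, 1, 82, 8, 1, 200]) + b"eth0/1" + bytes([255])
```

The same check applies on the return path: option 82 echoed back in a DHCPOFFER must be validated before the relay strips it, which is the case issue 5 describes.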
6) Memory leak (CVE-ID: CVE-2018-0158)
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system. The weakness exists in the Internet Key Exchange Version 2 (IKEv2) module due to incorrect processing of certain IKEv2 packets. A remote attacker can send specially crafted IKEv2 packets, trigger a memory leak and cause the service to crash.
7) Buffer overflow (CVE-ID: CVE-2018-0167)
The vulnerability allows an adjacent unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges on the target system.
The weakness exists in the LLDP subsystem due to improper error handling of malformed LLDP messages. An adjacent attacker can submit a specially crafted LLDP protocol data unit (PDU), trigger a buffer overflow, cause the service to crash or execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
8) Memory corruption (CVE-ID: CVE-2018-0175)
The vulnerability allows an adjacent unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges on the target system.
The weakness exists in the LLDP subsystem due to improper handling of certain fields in an LLDP message. An adjacent attacker can submit a specially crafted LLDP PDU, trick the victim into executing a specific show command in the CLI, trigger memory corruption, cause the service to crash or execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install the update from the vendor's website.