SB2021042150 - Multiple vulnerabilities in Rockwell Automation Stratix Switches
Published: April 21, 2021
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Insufficiently protected credentials (CVE-ID: CVE-2021-1392)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists because incorrect permissions are associated with the show cip security CLI command. A local user can use a specially crafted command to retrieve the password for CIP and reconfigure the device.
2) Insufficient verification of data authenticity (CVE-ID: CVE-2021-1403)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the web UI feature of Cisco IOS XE Software. A remote attacker can conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service.
3) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2021-1352)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the DECnet Phase IV and DECnet/OSI protocol. A remote attacker on the local network can send specially crafted DECnet traffic to the affected device and perform a denial of service (DoS) attack.
4) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2021-1442)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software. A local low-privileged user can run the diagnostic CLI command show pnp profile when a specific PnP listener is enabled on the device and obtain a privileged authentication token. This token can be used to send crafted PnP messages and execute privileged commands on the targeted system.
5) OS Command Injection (CVE-ID: CVE-2021-1452)
The vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists in ROM Monitor (ROMMON) due to incorrect validation of specific function arguments passed to a boot script when specific ROMMON variables are set. An attacker with physical access to the system can execute unsigned code at system boot time.
6) OS Command Injection (CVE-ID: CVE-2021-1443)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the web UI. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
7) Resource exhaustion (CVE-ID: CVE-2021-1220)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the web UI of Cisco IOS XE Software. A remote authenticated user can send a specially crafted HTTP request to the web UI and cause the web management software to hang and consume all available vty lines, preventing new session establishment.
8) Resource exhaustion (CVE-ID: CVE-2021-1356)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources within the web UI of Cisco IOS XE Software. A remote authenticated user can send specially crafted HTTP requests to the web UI and cause the web management software to hang and consume all available vty lines, preventing new session establishment.
Remediation
Install the update from the vendor's website.