Multiple vulnerabilities in Rockwell Automation Stratix Switches



Published: 2021-04-21
Risk: Medium
Patch available: YES
Number of vulnerabilities: 8
CVE-ID: CVE-2021-1392, CVE-2021-1403, CVE-2021-1352, CVE-2021-1442, CVE-2021-1452, CVE-2021-1443, CVE-2021-1220, CVE-2021-1356
CWE-ID: CWE-522, CWE-345, CWE-823, CWE-532, CWE-78, CWE-400
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Allen-Bradley Stratix 5400 Industrial Ethernet Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc

Allen-Bradley Stratix 5410 Industrial Distribution Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc

Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc

Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc

Stratix 5800
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Rockwell Automation

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Insufficiently protected credentials

EUVDB-ID: #VU51768

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1392

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists because incorrect permissions are associated with the "show cip security" CLI command. A local user can use a specially crafted command to retrieve the password for CIP and reconfigure the device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(7)E3

Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(7)E3

Stratix 5800: 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-110-02


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Insufficient verification of data authenticity

EUVDB-ID: #VU51707

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1403

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the web UI feature of Cisco IOS XE Software. A remote attacker can conduct a cross-site WebSocket hijacking (CSWSH) attack and cause denial of service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(7)E3

Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(7)E3

Stratix 5800: 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-110-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of Out-of-range Pointer Offset

EUVDB-ID: #VU51708

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1352

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the DECnet Phase IV and DECnet/OSI protocol. A remote attacker on the local network can send specially crafted DECnet traffic to the affected device and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(7)E3

Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(7)E3

Stratix 5800: 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-110-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU51704

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1442

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software. A local low-privileged user can run the diagnostic CLI command "show pnp profile" when a specific PnP listener is enabled on the device and obtain a privileged authentication token. This token can be used to send crafted PnP messages and execute privileged commands on the targeted system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(7)E3

Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(7)E3

Stratix 5800: 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-110-02


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) OS Command Injection

EUVDB-ID: #VU51709

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1452

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists in ROM Monitor (ROMMON) due to incorrect validation of specific function arguments passed to a boot script when specific ROMMON variables are set. An attacker with physical access to the system can execute unsigned code at system boot time.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(7)E3

Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(7)E3

Stratix 5800: 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-110-02


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) OS Command Injection

EUVDB-ID: #VU51780

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1443

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the web UI. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(7)E3

Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(7)E3

Stratix 5800: 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-110-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource exhaustion

EUVDB-ID: #VU51725

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1220

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the web UI of Cisco IOS XE Software. A remote authenticated user can send a specially crafted HTTP request to the web UI and cause the web management software to hang and consume all available vty lines, preventing new session establishment.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(7)E3

Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(7)E3

Stratix 5800: 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-110-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource exhaustion

EUVDB-ID: #VU51726

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1356

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources within the web UI of Cisco IOS XE Software. A remote authenticated user can send specially crafted HTTP requests to the web UI and cause the web management software to hang and consume all available vty lines, preventing new session establishment.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Allen-Bradley Stratix 5400 Industrial Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 5410 Industrial Distribution Switches: 15.2(7)E3

Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches: 15.2(7)E3

Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches: 15.2(7)E3

Stratix 5800: 16.12.01

External links

http://ics-cert.us-cert.gov/advisories/icsa-21-110-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


