Lucene search

K
icsIndustrial Control Systems Cyber Emergency Response TeamICSA-17-094-04
HistoryMay 10, 2017 - 12:00 p.m.

Rockwell Automation Stratix 5900

2017-05-1012:00:00
Industrial Control Systems Cyber Emergency Response Team
www.cisa.gov
122

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

0.975 High

EPSS

Percentile

100.0%

CVSS v3 10.0

**ATTENTION:**Remotely exploitable/low skill level to exploit.

Vendor: Rockwell Automation

Equipment: Stratix 5900

Vulnerabilities: Improper Input Validation, Resource Management Errors, Improper Authentication, Path Traversal_._

REPOSTED INFORMATION

This advisory was originally posted to the NCCIC Portal on April 4, 2017, and is being released to the NCCIC/ICS-CERT web site.

AFFECTED PRODUCTS

Rockwell Automation reports that these vulnerabilities affect the following Stratix 5900 Services Routers:

  • Stratix 5900, All Versions prior to 15.6.3.

IMPACT

An attacker who exploits these vulnerabilities may be able to perform man-in-the-middle attacks, create denial of service conditions, or remotely execute arbitrary code.

MITIGATION

Rockwell Automation has provided a new firmware version, Version 15.6.3, to mitigate these vulnerabilities.

Rockwell Automation encourages users of the affected versions to update to the latest available software versions addressing the associated risk, and including improvements to further harden the software and enhance its resilience against similar malicious attacks. Users can find the latest firmware version by searching for their device at the following web site:

<http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=15&gt;

Additional precautions and risk mitigation strategies specific to these types of attacks are recommended in the Rockwell Automation security release. When possible, multiple strategies should be implemented simultaneously.

<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1041191&gt;

Please also refer to Cisco’s security advisories (linked below) for additional workarounds and details for these vulnerabilities.

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available in the ICS‑CERT Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

VULNERABILITY OVERVIEW

IMPROPER INPUT VALIDATION CWE-20

Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability.

CVE-2016-6380 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability.

CVE-2016-6393 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability.

CVE-2016-6384 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability.

CVE-2016-6381 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities.

CVE-2016-6382 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

INFORMATION EXPOSURE CWE-200

IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products.

CVE-2016-6415 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

INPUT VALIDATION CWE-20

Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability.

CVE-2016-1409 has been assigned to this vulnerability. A CVSS v3 base score of 5.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability.

CVE-2016-1350 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability.

CVE-2016-1344 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).

INTEGER OVERFLOW OR WRAPAROUND CWE 190

IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119

IMPROPER INPUT VALIDATION CWE-20

PATH TRAVERSAL CWE-22

PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264

IMPROPER AUTHENTICATION CWE-287

RESOURCE MANAGEMENT ERRORS CWE 399

Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015.

CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, and CVE-2015-7871 have been assigned to these vulnerabilities. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L).

IMPROPER AUTHENTICATION CWE-287

Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products.

CVE-2015-1798 and CVE-2015-1799 have been assigned to this vulnerability. A CVSS v3 base score of 5.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).

INPUT VALIDATION CWE 20

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities.

CVE-2015-0642 and CVE-2015-0643 have been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability.

CVE-2015-0646 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119

IMPROPER INPUT VALIDATION CWE-20

CRYPTOGRAPHIC ISSUES CWE 310

Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products.

CVE-2015-0207, CVE-2015-0209, CVE-2015-0285, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, and CVE-2015-1787 have been assigned to these vulnerabilities. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N).

CRYPTOGRAPHIC ISSUES CWE 310

SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability.

CVE-2014-3566 has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability.

CVE-2014-3359 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS Software Metadata Vulnerabilities.

CVE-2014-3355 and CVE-2014-3356 have been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

IMPROPER INPUT VALIDATION CWE-20

Cisco IOS Software Network Address Translation Denial of Service Vulnerability.

CVE-2014-3361 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS Software RSVP Vulnerability.

CVE-2014-3354 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

NUMERIC ERRORS CWE 189

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability.

CVE-2014-3360 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS Software IPsec Denial of Service Vulnerability.

CVE-2014-3299 has been assigned to this vulnerability. A CVSS v3 base score of 7.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

CRYPTOGRAPHIC ISSUES CWE-310

RACE CONDITION CWE-362

IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119

RESOURCE MANAGEMENT ERRORS CWE-399

NULL POINTER DEREFERENCE CWE-476

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products.

CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, and CVE-2014-3470 have been assigned to these vulnerabilities. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

IMPROPER INPUT VALIDATION CWE-20

Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability.

CVE-2014-2113 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability.

CVE-2014-2108 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

IMPROPER INPUT VALIDATION CWE-20

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS Software Network Address Translation Vulnerabilities.

CVE-2014-2109 and CVE-2014-2111 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

IMPROPER INPUT VALIDATION CWE-20

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability.

CVE-2014-2106 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

RESOURCE MANAGEMENT ERRORS CWE 399

Cisco IOS Software SSL VPN Denial of Service Vulnerability.

CVE-2014-2112 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

RESEARCHER

Cisco Systems, Inc. reported these vulnerabilities to Rockwell Automation.

BACKGROUND

Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Systems

Area Deployed: Worldwide

**Company Headquarters Location:**United States

References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

0.975 High

EPSS

Percentile

100.0%