Rockwell Automation Stratix Devices Containing Cisco IOS

🗓️ 27 Oct 2022 06:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 34 Views

Rockwell Automation Stratix Devices Containing Cisco IOS, Multiple Vulnerabilities, including Denial-of-Service and Remote Code Executio

Reporter	Title	Published	Views	Family All 101
BDU FSTEC	The vulnerability in the Cisco IOS XE operating system’s web interface, related to insufficient validation of input data, allows attackers to compromise the confidentiality, integrity, or accessibility of protected information.	10 Jun 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Role-Based Access Control (RBAC) implementation in the Cisco IOS XE operating system allows a perpetrator to increase their privileges and execute arbitrary code.	10 Jun 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability in the Cisco IOS XE operating system’s web interface, related to insufficient validation of input data, allows attackers to compromise the confidentiality, integrity, or accessibility of protected information.	10 Jun 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the SSH Secure Shell server of the Cisco IOS operating system, which allows a hacker to trigger a maintenance failure.	10 Jun 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability in the Cisco IOS XE operating system’s web interface, related to insufficient validation of input data, allows attackers to compromise the confidentiality, integrity, or accessibility of protected information.	10 Jun 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Cisco IOS XE operating system’s image verification function, related to errors in verifying the cryptographic signature, allows a hacker to install malicious software.	10 Jun 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Cisco One Platform Kit (onePK) component in operating systems such as Cisco IOS, Cisco IOS XE, and Cisco NX-OS allows a attacker to execute arbitrary code or cause service interruptions.	10 Jun 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the authentication function of the Cisco IOS XE operating system’s web server allows a hacker to cause a malfunction in the web server’s operation.	18 Dec 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Application Layer DNS Gateway Function (ALG) of Cisco IOS XE, which allows a hacker to trigger a device reboot or cause a service failure.	6 Apr 202100:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the IOx software platform for Cisco IOS XE and Cisco IOS operating systems, as well as the Cisco IC3000 Industrial Compute Gateway hardware security solution, arises from incorrect restrictions on path names in the restricted access directory. This allows attackers to compromise the confidentiality and integrity of the protected information.	6 Apr 202100:00	–	bdu_fstec

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-300-03.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-22-300-03
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/topics/industrial-control-systems
cisa	www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
cisa	www.cisa.gov/uscert/ncas/tips/ST04-014
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

27 Oct 2022 06:00Current

8.3High risk

Vulners AI Score8.3

CVSS 29

CVSS 3.18.6 - 8.8

CVSS 38.8

EPSS0.01262

SSVC