Lucene search
K

Rockwell Automation Allen-Bradley Stratix 5950 Improper Access Control (CVE-2019-1649)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 5 Views

Vulnerability in Cisco Secure Boot could allow firmware write on the Allen-Bradley Stratix 5950 hardware.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(504956);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/06");

  script_cve_id("CVE-2019-1649");
  script_xref(name:"ICSA", value:"20-072-03");

  script_name(english:"Rockwell Automation Allen-Bradley Stratix 5950 Improper Access Control (CVE-2019-1649)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Cisco Systems, Inc. (Cisco) released an advisory regarding a vulnerability in the logic 
that handles access control to a hardware component in Cisco's proprietary Secure Boot implementation. 
If successfully exploited, an attacker could write a modified firmware image to the component. 
The Allen-Bradley Stratix 5950 utilizes Cisco's proprietary Secure Boot implementation.

Customers using affected versions of this product are encouraged to evaluate the mitigations 
provided below and apply any appropriate mitigations to their deployed products. 
Additional details relating to the discovered vulnerability, including affected products 
and recommended countermeasures, are provided below. 

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://support.rockwellautomation.com/app/answers/answer_view/a_id/1091916/~/stratix-5950-secure-boot-hardware-tampering-vulnerability-
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4642709c");
  # https://www.cisa.gov/news-events/ics-advisories/icsa-20-072-03
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?80fef307");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-20-072-03");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Rockwell Automation recommends users update to firmware version FRN v6.4.0, which addresses the reported vulnerability.

Rockwell also provides the following general security guidelines:

- Utilize proper network infrastructure controls, such as firewalls, to help ensure that requests from unauthorized
sources are blocked and the controls are isolated from the business network.
- Consult the product documentation for specific features, such as access control lists and deep packet inspection, that
may be used to block unauthorized changes, etc.
- Block all traffic to EtherNet/IP or other CIP protocol-based devices from outside the manufacturing zone by blocking
or restricting access to TCP and UDP Port 2222 and Port 44818, using proper network infrastructure controls such as
firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell Automation
products, see Knowledgebase Article ID 898270.
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from
the Internet.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1649");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(284);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/10/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/10/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:allen-bradley_1783-sad4t0sbk9_stratix_5950_industrial_managed_ethernet_switch");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:allen-bradley_1783-sad4t0spk9_stratix_5950_industrial_managed_ethernet_switch");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:allen-bradley_1783-sad2t2sbk9_stratix_5950_industrial_managed_ethernet_switch");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:allen-bradley_1783-sad2t2spk9_stratix_5950_industrial_managed_ethernet_switch");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Rockwell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Rockwell');

var asset = tenable_ot::assets::get(vendor:'Rockwell');

var vuln_cpes = {
    "cpe:/h:rockwellautomation:allen-bradley_1783-sad4t0sbk9_stratix_5950_industrial_managed_ethernet_switch" :
        {"versionEndExcluding" : "6.4.0", "family" : "Stratix"},
    "cpe:/h:rockwellautomation:allen-bradley_1783-sad4t0spk9_stratix_5950_industrial_managed_ethernet_switch" :
        {"versionEndExcluding" : "6.4.0", "family" : "Stratix"},
    "cpe:/h:rockwellautomation:allen-bradley_1783-sad2t2sbk9_stratix_5950_industrial_managed_ethernet_switch" :
        {"versionEndExcluding" : "6.4.0", "family" : "Stratix"},
    "cpe:/h:rockwellautomation:allen-bradley_1783-sad2t2spk9_stratix_5950_industrial_managed_ethernet_switch" :
        {"versionEndExcluding" : "6.4.0", "family" : "Stratix"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

06 Feb 2026 00:00Current
7High risk
Vulners AI Score7
CVSS 3.16.7
CVSS 27.2
CVSS 36.7
EPSS0.00611
SSVC
5