Rockwell Automation informed customers this week that its Allen-Bradley Stratix and ArmorStratix industrial switches are exposed to remote attacks due to vulnerabilities in Cisco’s IOS software.
Allen-Bradley Stratix and ArmorStratix switches, which are used in the critical manufacturing, energy and other sectors, rely on Cisco’s IOS software for secure integration with enterprise networks. Rockwell Automation has determined that eight flaws discovered recently in Cisco IOS also affect its own products.
According to Rockwell and ICS-CERT, Stratix 5400, 5410, 5700, 8000 and ArmorStratix 5700 switches running firmware version 15.2(6)E0a and earlier are impacted by critical and high severity vulnerabilities that can be exploited remotely and without authentication for denial-of-service (DoS) attacks and arbitrary code execution.
The issues include CVE-2018-0171, a critical remote code execution flaw in the Smart Install feature that can be exploited to take complete control of vulnerable devices.
