Rockwell Automation released security updates that address several
ICS-CERT and Rockwell Automation published three separate advisories to warn of the effects of the vulnerabilities introduced by Cisco on Stratix 5400, 5410, 5700, 8000, 8300, 5950, and ArmorStratix 5700 switches.
“Successful exploitation of these vulnerabilities could result in a
The advisory warns of multiple high-severity vulnerabilities related to the Open Shortest Path First version 3 (OSPFv3), web framework, Precision Time Protocol (PTP), IPv6 processing, and Discovery Protocol components of Cisco IOS and IOS XE.
Remote and local authentication attackers could exploit the flaws to trigger a
The ICS-CERT published a separated advisory for a medium-
Rockwell Automation addressed the vulnerabilities with the release of versions 15.2(6)E2a, 15.2(6)E0a, and 15.2(4)EA7. while Cisco released security patches back in September 2018.
“Successful exploitation of this vulnerability could allow an
The ICS-CERT published
The flaw affects the IPsec feature of Stratix 5950 security appliance, which is disabled by default.
“Successful exploitation of this vulnerability could allow a remote attacker to cause an affected device to reload.” reads the advisory.
The company recommends avoiding using any IPsec VPN connections as a temporary mitigation.
(SecurityAffairs – Rockwell Automation