(I)IoT Security News
ICS, News, Vulnerabilities

Rockwell Automation Stratix 5800 and Stratix 5200

Rockwell Automation

1. EXECUTIVE SUMMARY

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthenticated attacker to take control of the affected system.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Stratix products and the contained Cisco IOS software are affected:

3.2 Vulnerability Overview

3.2.1 UNPROTECTED ALTERNATE CHANNEL CWE-420

Rockwell Automation is aware of active exploitation of a previously unknown vulnerability in the web user interface feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated threat actor to create an account on a vulnerable system with privilege level 15 access. The threat actor could then potentially use that account to gain control of the affected system.

CVE-2023-20198 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

3.3 BACKGROUND

3.4 RESEARCHER

Rockwell Automation reported this vulnerability to CISA.

4. MITIGATIONS

Rockwell Automation strongly encourages users to follow guidance disabling Stratix HTTP servers on all internet-facing systems.

For more information, see Rockwell Automation’s Security Advisory.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Source:

https://www.cisa.gov/news-events/ics-advisories/icsa-23-297-01

Related posts

Siemens SIMATIC WinCC and PCS7

(I) IoT
5 years ago

Experts disclosed an unpatched Kernel buffer overflow in Trusteer Rapport for MacOS

(I) IoT
6 years ago

Emerson DeltaV

(I) IoT
6 years ago
Exit mobile version