[Control systems] Rockwell Automation Allen-Bradley Stratix and ArmoStratix security advisory

Number: AV17-130
Date: August 28, 2017

Purpose

The purpose of this advisory is to bring attention to a recently released security advisory for Allen-Bradley Stratix and ArmoStratix products.

Assessment

Rockwell Automation has released a security advisory to address vulnerabilities in its Allen-Bradley  Stratix and ArmoStratix products. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to execute code on an affected system or cause an affected system to crash and reload.

Affected versions:

  • All versions 15.2(5)EA.fc4 and earlier
    • Allen-Bradley Stratix 5400 Industrial Ethernet Switches
    • Allen-Bradley Stratix 5410 Industrial Distribution Switches
    • Allen-Bradley Stratix 5700 and ArmorStratix™ 5700 Industrial Managed Ethernet Switches
    • Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches
  • Allen-Bradley Stratix 5900 Services Router - all versions 15.6(3)M1 and earlier
  • Stratix 8300 Modular Managed Ethernet Switches - all versions 15.2(4)EA and earlier

CVE References: CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected devices per your change management policies.

References:

Date modified: