Number: AV17-130
Date: August 28, 2017
Purpose
The purpose of this advisory is to bring attention to a recently released security advisory for Allen-Bradley Stratix and ArmoStratix products.
Assessment
Rockwell Automation has released a security advisory to address vulnerabilities in its Allen-Bradley Stratix and ArmoStratix products. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to execute code on an affected system or cause an affected system to crash and reload.
Affected versions:
- All versions 15.2(5)EA.fc4 and earlier
- Allen-Bradley Stratix 5400 Industrial Ethernet Switches
- Allen-Bradley Stratix 5410 Industrial Distribution Switches
- Allen-Bradley Stratix 5700 and ArmorStratix™ 5700 Industrial Managed Ethernet Switches
- Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches
- Allen-Bradley Stratix 5900 Services Router - all versions 15.6(3)M1 and earlier
- Stratix 8300 Modular Managed Ethernet Switches - all versions 15.2(4)EA and earlier
CVE References: CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected devices per your change management policies.
References: