June 24, 2016 – A new cybersecurity vulnerability affecting Rockwell Automation Allen-Bradley Stratix industrial networking switches has been reported on the ICS-CERT website. The vulnerability can be exploited remotely and puts control systems that use these switches at risk unless they are patched immediately with the firmware update that has now been released. According to Rockwell Automation, the Allen-Bradley Stratix 5400 and 5410 switches are deployed across several sectors, including Critical Manufacturing, Energy, Water and Wastewater Systems, and others.
If you are not very familiar with the fundamentals of industrial cyber security, please read these free industrial cybersecurity whitepapers. (You may have to scroll down to the bottom of the list to find them.)
The vulnerability is due to improper processing of certain Internet Control Message Protocol (ICMP) IPv4 packets. An attacker could exploit it by sending ICMP IPv4 packets to an affected device, allowing the attacker to corrupt a packet waiting for transmission. The vulnerability was originally reported by Cisco as affecting the Cisco Industrial Ethernet 4000 Series and 5000 Series switches. Rockwell Automation determined that it also affects their Allen-Bradley Stratix 5400 Industrial Ethernet Switches and Stratix 5410 Industrial Distribution Switches, which contain affected versions of the Cisco IOS firmware. In response, they have released a new firmware version, 15.2(4)EA3, which addresses the vulnerability.
If you are using these switches, please get in touch with the vendor (or your system integrator) as soon as possible.
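As an added example (not part of the original advisory or of any Rockwell/Cisco tooling), a small Python check that parses Cisco IOS version strings from a constructed switch inventory and flags EA-train releases older than the fixed 15.2(4)EA3 for update. The assumption that every earlier EA release is affected is mine, so treat the output as a triage list to confirm against the vendor's own advisory.

```python
import re
from typing import NamedTuple, Optional

FIXED_VERSION = "15.2(4)EA3"  # fixed firmware version named in the advisory

# Constructed inventory (hostname, sysDescr-style version string); sample values only.
INVENTORY = [
    ("stratix5400-line1", "15.2(4)EA1"),
    ("stratix5410-dist", "15.2(4)EA3"),
    ("stratix5400-line2", "15.2(2)EA4"),
    ("stratix5400-lab", "15.2(4)EB1"),  # different train: not ordered against EA3
]

# major.minor(maintenance)TRAINrebuild, e.g. 15.2(4)EA3
_VER_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)([A-Z]+)(\d+)$")


class IosVersion(NamedTuple):
    major: int
    minor: int
    maintenance: int
    train: str
    rebuild: int


def parse_ios_version(text: str) -> Optional[IosVersion]:
    """Parse a version such as 15.2(4)EA3; return None if the format is unknown."""
    m = _VER_RE.match(text.strip())
    if not m:
        return None
    major, minor, maint, train, rebuild = m.groups()
    return IosVersion(int(major), int(minor), int(maint), train, int(rebuild))


def needs_update(version: str, fixed: str = FIXED_VERSION) -> str:
    """Classify a device version relative to the fixed release.

    Returns "update", "ok", or "review" (unparseable string or a different
    release train, which this simple check does not attempt to order).
    Assumption: any older release in the same train is treated as affected.
    """
    v = parse_ios_version(version)
    f = parse_ios_version(fixed)
    if v is None or f is None or v.train != f.train:
        return "review"
    key_v = (v.major, v.minor, v.maintenance, v.rebuild)
    key_f = (f.major, f.minor, f.maintenance, f.rebuild)
    return "update" if key_v < key_f else "ok"


def triage(inventory=INVENTORY) -> dict:
    """Map each host in the inventory to its update status."""
    return {host: needs_update(ver) for host, ver in inventory}
```

Feed it real `sysDescr` or `show version` output and review every "review" entry by hand, since versions from other trains cannot be ranked by this comparison.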
ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.