OTPulse

Rockwell Automation Allen-Bradley Stratix 5400 and 5410 Packet Corruption Vulnerability

Monitor | CVSS 5.8 | ICS-CERT ICSA-16-175-01 | Mar 27, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Allen-Bradley Stratix 5400 (firmware 15.22EA1, 15.22EA2) and Stratix 5410 (firmware 15.22EB) industrial Ethernet switches contain a packet corruption vulnerability that allows an attacker with network access to corrupt packets transmitted through the switch. Affected devices include the Stratix 5400 Industrial Ethernet Switch and Stratix 5410 Industrial Distribution Switch. No firmware patch is available for either product.

What this means
What could happen
An attacker with network access to the Stratix switch could cause packets to be corrupted during transmission, potentially disrupting network communication for connected devices and equipment on the same industrial network segment.
Who's at risk
Manufacturing facilities that use Allen-Bradley Stratix 5400 or 5410 industrial Ethernet switches in their plant networks are at risk. These switches are commonly used to connect PLCs, drives, sensors, and HMIs. A corrupted network link could impact process control and real-time communication between devices.
How it could be exploited
An attacker with network access to the Stratix 5400 or 5410 switch could send specially crafted packets that trigger a packet corruption flaw, causing the switch to corrupt legitimate packets passing through it. This corrupts traffic for all devices connected to the affected switch port or VLAN.
Prerequisites
  • Network access to the Stratix 5400 or 5410 switch
  • No credentials required
  • No specific device configuration required
Tags: remotely exploitable, no authentication required, low complexity, no patch available
Exploitability
Moderate exploit probability (EPSS 1.1%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
Allen-Bradley Stratix 5400 Industrial Ethernet Switch | Firmware 15.22EA1, 15.22EA2 | No fix (EOL)
Allen-Bradley Stratix 5410 Industrial Distribution Switch | Firmware 15.22EB | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Implement network segmentation and firewall rules to restrict untrusted traffic from reaching the Stratix 5400 and 5410 switches from external networks or untrusted network segments
  • HARDENING: Verify the industrial network topology and ensure the Stratix switches are in a protected zone not directly exposed to untrusted networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor and log all network traffic destined for the Stratix switches to detect unusual or malicious packet patterns