Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches Vulnerability

Plan PatchCVSS 10ICS-CERT ICSA-17-054-02Feb 23, 2017

AutomationDirectRed LionManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Red Lion Sixnet-Managed Industrial Switches (firmware ≤5.0.196) and AutomationDirect STRIDE-Managed Ethernet Switches (firmware ≤5.0.190) contain a critical vulnerability (CVE related to CWE-321) that allows unauthenticated remote attackers to gain administrative control of the switches via the management interface. No vendor patch is planned for either product. The vulnerability enables attackers to reconfigure switch settings, alter network topology, intercept communications, or disrupt connectivity between industrial control components.

What this means

What could happen

An unauthenticated attacker on your network could remotely gain control of Sixnet or STRIDE-managed Ethernet switches, allowing them to reconfigure network settings, intercept traffic, or block communications between plant equipment and controllers.

Who's at risk

Manufacturing plants, water systems, and electric utilities using Red Lion Sixnet-managed or AutomationDirect STRIDE-managed industrial Ethernet switches for plant network infrastructure. These switches typically interconnect PLCs, drives, I/O modules, and remote terminal units (RTUs).

How it could be exploited

An attacker sends crafted network requests to the switch's management interface (port 80/HTTP or default management port) without authentication. The vulnerability in how the switches handle these requests allows the attacker to execute arbitrary administrative commands or modify switch configuration, including VLAN settings, routing, and access controls.

Prerequisites

Network access to the switch's management interface (typically HTTP port 80 or default Telnet/SSH ports)
No credentials required

remotely exploitableno authentication requiredlow complexityno patch availableaffects critical network infrastructure

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

Stride-Managed Ethernet Switches running firmware:≤ 5.0.190No fix (EOL)

Sixnet-Managed Industrial Switches running firmware:≤ 5.0.196No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDIsolate affected Sixnet and STRIDE switches from direct network access using a firewall or router ACL—permit only authorized engineering workstations and control systems to reach the management interface

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXPlan replacement of end-of-life Sixnet and STRIDE switches with vendor-supported alternatives that receive security updates

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: Stride-Managed Ethernet Switches running firmware:, Sixnet-Managed Industrial Switches running firmware:. Apply the following compensating controls:

HARDENINGImplement network segmentation to limit access from business network to plant floor network where these switches operate

HARDENINGMonitor and log all traffic to the switch management interface to detect unusual access attempts

CVEs (1)

CVE-2016-9335

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e410c49f-e93a-42da-b905-81f962e9bed0

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.