Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches Vulnerability
Act Now10ICS-CERT ICSA-17-054-02Feb 23, 2017
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Red Lion Sixnet-Managed Industrial Switches (firmware ≤5.0.196) and AutomationDirect STRIDE-Managed Ethernet Switches (firmware ≤5.0.190) contain a critical vulnerability (CVE related to CWE-321) that allows unauthenticated remote attackers to gain administrative control of the switches via the management interface. No vendor patch is planned for either product. The vulnerability enables attackers to reconfigure switch settings, alter network topology, intercept communications, or disrupt connectivity between industrial control components.
What this means
What could happen
An unauthenticated attacker on your network could remotely gain control of Sixnet or STRIDE-managed Ethernet switches, allowing them to reconfigure network settings, intercept traffic, or block communications between plant equipment and controllers.
Who's at risk
Manufacturing plants, water systems, and electric utilities using Red Lion Sixnet-managed or AutomationDirect STRIDE-managed industrial Ethernet switches for plant network infrastructure. These switches typically interconnect PLCs, drives, I/O modules, and remote terminal units (RTUs).
How it could be exploited
An attacker sends crafted network requests to the switch's management interface (port 80/HTTP or default management port) without authentication. The vulnerability in how the switches handle these requests allows the attacker to execute arbitrary administrative commands or modify switch configuration, including VLAN settings, routing, and access controls.
Prerequisites
- Network access to the switch's management interface (typically HTTP port 80 or default Telnet/SSH ports)
- No credentials required
remotely exploitableno authentication requiredlow complexityno patch availableaffects critical network infrastructure
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 EOL
ProductAffected VersionsFix Status
Stride-Managed Ethernet Switches running firmware:≤ 5.0.190No fix (EOL)
Sixnet-Managed Industrial Switches running firmware:≤ 5.0.196No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/1WORKAROUNDIsolate affected Sixnet and STRIDE switches from direct network access using a firewall or router ACL—permit only authorized engineering workstations and control systems to reach the management interface
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXPlan replacement of end-of-life Sixnet and STRIDE switches with vendor-supported alternatives that receive security updates
Mitigations - no patch available
0/2The following products have reached End of Life with no planned fix: Stride-Managed Ethernet Switches running firmware:, Sixnet-Managed Industrial Switches running firmware:. Apply the following compensating controls:
HARDENINGImplement network segmentation to limit access from business network to plant floor network where these switches operate
HARDENINGMonitor and log all traffic to the switch management interface to detect unusual access attempts
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/e410c49f-e93a-42da-b905-81f962e9bed0