Rockwell Automation Allen-Bradley Stratix and Allen-Bradley ArmorStratix
Act Now · 9.8 · ICS-CERT ICSA-17-094-03 · Apr 4, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Rockwell Automation Allen-Bradley Stratix and ArmorStratix industrial Ethernet switches contain an input validation flaw (CWE-20) in versions 15.2(5)EA.fc4 and earlier (Stratix 8300: 15.2(4a)EA5 and earlier) that allows remote code execution without authentication. The vulnerability affects Stratix 8000, 5400, 5410, 5700 models and ArmorStratix 5700 models. Vendors have indicated no firmware patches will be released for these products.
What this means
What could happen
An attacker can remotely execute commands on your Stratix/ArmorStratix switches without authentication, potentially disrupting your network connectivity and allowing control system communications to be intercepted, blocked, or altered.
Who's at risk
Manufacturing operations that depend on Allen-Bradley Stratix 8000, 5400, 5410, 5700 and ArmorStratix 5700 industrial Ethernet switches should be concerned. These switches are critical network infrastructure in control systems—any compromise can disrupt real-time communications between PLCs, HMIs, safety controllers, and other devices, potentially affecting production uptime and safety.
How it could be exploited
An attacker with network access to any affected switch can send a specially crafted input that bypasses input validation (CWE-20) to achieve remote code execution. No authentication or credentials are required; the exploit can be triggered from any external network location that can reach the switch.
Prerequisites
- Network reachability to the affected switch from an external network or untrusted network segment
- No authentication required
remotely exploitable · no authentication required · low complexity · actively exploited (KEV) · high EPSS score (94.3%) · no patch available · affects critical network infrastructure
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (5)
5 EOL
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Allen-Bradley Stratix 8000 Modular Managed Industrial Ethernet Switches: All | ≤ 15.2(5)EA.fc4 | No fix (EOL) |
| Allen-Bradley Stratix 5400 Industrial Ethernet Switches: All | ≤ 15.2(5)EA.fc4 | No fix (EOL) |
| Allen-Bradley Stratix 5410 Industrial Distribution Switches: All | ≤ 15.2(5)EA.fc4 | No fix (EOL) |
| Allen-Bradley Stratix 5700 and ArmorStratix 5700 Industrial Managed Ethernet Switches: All | ≤ 15.2(5)EA.fc4 | No fix (EOL) |
| Allen-Bradley Stratix 8300 Modular Managed Industrial Ethernet Switches: All | ≤ 15.2(4a)EA5 | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Isolate affected Stratix/ArmorStratix switches using network firewalls—restrict access to management ports and limit communication to only authorized control devices and engineering workstations
- HARDENING: Implement network segmentation to separate the switch from untrusted networks; consider placing the switch behind a firewall or using VLANs with access control lists
- WORKAROUND: Disable remote management access (SSH, Telnet, SNMP, HTTP) if not actively required for operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor switch logs and network traffic for suspicious connection attempts or unexpected commands
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Allen-Bradley Stratix 8000 Modular Managed Industrial Ethernet Switches: All, Allen-Bradley Stratix 5400 Industrial Ethernet Switches: All, Allen-Bradley Stratix 5410 Industrial Distribution Switches: All, Allen-Bradley Stratix 5700 and ArmorStratix 5700 Industrial Managed Ethernet Switches: All, Allen-Bradley Stratix 8300 Modular Managed Industrial Ethernet Switches: All. Apply the following compensating controls:
- HARDENING: Plan replacement or decommissioning of affected switches in a phased approach, since the vendor has stated no fix is planned
CVEs (1)