Rockwell Stratix IOS CSRF to RCE Vulnerability
SD1745 | CVSS 9.6 | Sep 9, 2025
Summary
Stratix IOS contains a cross-site request forgery (CSRF) vulnerability in its web management interface that allows an attacker to trick an authenticated user into executing arbitrary commands on the device. An attacker can craft a malicious webpage that, when accessed by an authorized administrator, submits forged requests to the Stratix IOS device using the victim's existing authentication session. This vulnerability affects all versions of Stratix IOS and there is currently no vendor patch available.
What this means
What could happen
An attacker who can get an authorized user to load attacker-controlled content (a webpage or an HTML email) could use a cross-site request forgery (CSRF) attack to make that user's browser submit commands to the switch. The attacker does not need to reach the device directly: the forged request is sent by the victim's browser, which already has network access to the web management interface and an authenticated session. The result is remote code execution on the switch and potential disruption of the network serving critical control systems.
Who's at risk
Water utilities and electric utilities operating Rockwell Stratix IOS managed industrial switches in control system networks. This affects any facility using these switches for network management of PLCs, RTUs, or other ICS devices, since the switch itself becomes a pivot point for attacking downstream control systems.
How it could be exploited
An attacker crafts a malicious webpage or email that, when visited by an authenticated user of the Stratix IOS device's web interface, automatically submits a forged request to change configuration or execute commands on the device. The user's existing authentication session is exploited to perform actions without their knowledge.
Prerequisites
- The victim's browser (not necessarily the attacker) must be able to reach the Stratix IOS web management interface (port 80/443)
- An authenticated user must visit the attacker's malicious page while logged into the device
- The device must have web management enabled
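The request pattern described above leaves a trace: an authenticated, state-changing request whose Origin or Referer header points at a host other than the switch itself. The following script is an added example, not part of the advisory or of any Rockwell tooling. It hunts for that pattern over a small set of constructed access-log lines in a hypothetical format; the management address 10.10.0.2, the endpoint paths (/config/apply, /exec/...) and the auth=yes/no field are all assumptions for illustration, not real Stratix IOS paths or log fields.

```python
"""CSRF hunting over constructed management-interface access logs (added example)."""
import re
from urllib.parse import urlsplit

# Hypothetical log format, one request per line:
# client_ip [timestamp] "METHOD path HTTP/1.1" status "referer" "origin" auth=yes|no
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) "(?P<referer>[^"]*)" "(?P<origin>[^"]*)" auth=(?P<auth>yes|no)$'
)

MANAGEMENT_HOSTS = {"10.10.0.2"}                 # assumed management address of the switch
STATE_CHANGING_METHODS = {"POST", "PUT", "DELETE"}
STATE_CHANGING_GET_PATHS = ("/exec/", "/config/")  # hypothetical GET endpoints with side effects

# Constructed sample: a legitimate session, then two forged requests from a lure page,
# then an unauthenticated probe and a request whose headers a proxy stripped.
SAMPLE_LOG = """\
10.10.1.5 [09/Sep/2025:10:02:11 +0000] "GET /status HTTP/1.1" 200 "https://10.10.0.2/" "-" auth=yes
10.10.1.5 [09/Sep/2025:10:02:40 +0000] "POST /config/apply HTTP/1.1" 200 "https://10.10.0.2/config" "https://10.10.0.2" auth=yes
10.10.1.5 [09/Sep/2025:10:05:03 +0000] "POST /config/apply HTTP/1.1" 200 "http://evil.example/lure.html" "http://evil.example" auth=yes
10.10.1.5 [09/Sep/2025:10:05:04 +0000] "GET /exec/reload HTTP/1.1" 302 "http://evil.example/lure.html" "-" auth=yes
10.10.1.9 [09/Sep/2025:10:06:00 +0000] "POST /config/apply HTTP/1.1" 403 "-" "-" auth=no
10.10.1.5 [09/Sep/2025:10:07:22 +0000] "POST /config/apply HTTP/1.1" 200 "-" "-" auth=yes
"""


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["auth"] = rec["auth"] == "yes"
    return rec


def _host(url):
    if url in ("", "-"):
        return None
    return urlsplit(url).hostname


def source_host(rec):
    """Host the browser says the request came from: Origin first, Referer as fallback."""
    return _host(rec["origin"]) or _host(rec["referer"])


def changes_state(rec):
    """Unsafe method, or a GET endpoint known to have side effects (CSRF also works via GET)."""
    return rec["method"] in STATE_CHANGING_METHODS or any(
        rec["path"].startswith(p) for p in STATE_CHANGING_GET_PATHS
    )


def classify(rec):
    """Return 'alert', 'review' or None for a parsed record."""
    if not rec or not rec["auth"] or not changes_state(rec):
        return None  # unauthenticated or read-only requests are not CSRF
    src = source_host(rec)
    if src is None:
        return "review"  # headers stripped (proxy, Referrer-Policy); forgery cannot be proven
    if src not in MANAGEMENT_HOSTS:
        return "alert"   # authenticated state change triggered from a foreign origin
    return None


def hunt(log_text):
    """Return (verdict, client_ip, method, path, source_host) for every suspicious request."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        verdict = classify(rec)
        if verdict:
            findings.append((verdict, rec["ip"], rec["method"], rec["path"], source_host(rec)))
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(*finding)
```

On the constructed sample this flags the two requests referred from evil.example as alerts and the header-less POST as a review item; the same-origin configuration change and the unauthenticated probe are not reported. The heuristic depends on the device logging Origin/Referer (or on a reverse proxy in front of it doing so), and a browser under a strict Referrer-Policy sends neither, so the "review" bucket should be triaged against change records rather than dismissed.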
Tags: remotely exploitable · no patch available · critical severity (CVSS 9.6) · affects industrial network infrastructure
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product           | Affected Versions | Fix Status
Stratix IOS CSRF  | All versions      | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Stratix IOS web management interface using firewall rules; only allow connections from authorized engineering workstations and management networks. Because the forged request is sent by an administrator's own browser, this limits who can be a CSRF victim rather than blocking the attacker's traffic directly, so administrators should also log out of the web interface when finished and avoid browsing other sites from a browser that holds a session on the switch.
HARDENING: Disable web management on the device if not actively required for operations; use console or SSH access only.
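The two controls above, as an added example configuration that is not from the advisory or from Rockwell. It assumes the switch accepts a Cisco IOS-style CLI (Stratix managed switches are Cisco-based, but confirm the exact syntax on your platform and firmware) and uses hypothetical addresses: 10.10.0.0/24 as the engineering network and 10.20.5.10 as a management jump host.

```cisco
! Added example: restrict, then (preferably) disable, the web management interface.
! Standard ACL listing the only sources allowed to reach management services.
access-list 10 remark engineering workstations and management jump host only
access-list 10 permit 10.10.0.0 0.0.0.255
access-list 10 permit host 10.20.5.10
access-list 10 deny   any log
!
! Option A (workaround): keep HTTPS only, bound to the ACL; never serve plaintext HTTP.
no ip http server
ip http secure-server
ip http access-class 10
!
! Option B (hardening, preferred when the web UI is not needed): no web management at all.
no ip http server
no ip http secure-server
!
! Management then goes over SSH with the same source restriction applied to the VTY lines.
ip ssh version 2
line vty 0 15
 transport input ssh
 access-class 10 in
```

Apply one option, not both. After saving, `show ip http server status` and `show running-config | include ip http` confirm which servers remain enabled, and the `log` keyword on the final deny makes rejected sources visible for the detection work.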
Schedule — requires maintenance window
No patch is available for this issue, so there is nothing to install; the credential and MFA change below still alters how administrators reach the device and should be scheduled in a maintenance window so that lost management access does not interrupt the process.
HARDENING: Enforce strong, unique credentials on all network devices and implement MFA on remote management interfaces where supported.
Mitigations - no patch available
Stratix IOS CSRF has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate the Stratix IOS device on a management VLAN separate from production control network traffic.
CVEs (1)