Detections
Analytics
Rockwell Automation Stratix Services Router Use of Externally-Controlled Format String (CVE-2018-0175)
high Tenable OT Security Plugin ID 501770
Synopsis
The remote OT asset is affected by a vulnerability.Description
A vulnerability in the LLDP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Rockwell Automation has released knowledge base article 1073313 which can be found at the following location:
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/ (login required)
Cisco has released Snort Rules 46110 and 46111 to help address CVE-2018-0158 and CVE-2018-0151. See new rules at:
https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html
CVE-2018-0151: Users who do not use the Adaptive QoS for DMVPN feature can deny all traffic destined to UDP port 18999 on an affected device by using a Control Plane Policing (CoPP) policy. If the Adaptive QoS for DMVPN feature is later configured, the device must be upgraded to an unaffected release of Cisco IOS Software or Cisco IOS XE Software and the CoPP policy must be removed.
CVE-2018-0167 and CVE-2018-0175 have no specific mitigations in place. See the following Cisco Vulnerability advisory for more details:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
Rockwell Automation also recommends that users implement the following general security guidelines:
- Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.
- Locate control system networks and devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
See Also
http://www.nessus.org/u?37660900
http://www.nessus.org/u?a252fb13
http://www.nessus.org/u?ce3d1989
http://www.nessus.org/u?0baec066
http://www.nessus.org/u?85ccd272
https://www.cisa.gov/news-events/ics-advisories/icsa-18-107-04
https://www.cisa.gov/news-events/ics-advisories/icsa-18-107-05
https://www.cisa.gov/news-events/ics-advisories/icsa-18-107-03
Plugin Details
Severity: High
ID: 501770
Version: 1.9
Type: remote
Family: Tenable.ot
Published: 11/15/2023
Updated: 7/30/2025
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.9
Temporal Score: 6.5
Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2018-0175
CVSS v3
Risk Factor: High
Base Score: 8
Temporal Score: 7.4
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/h:rockwellautomation:allen-bradley_stratix_5900_industrial_managed_ethernet_switch, cpe:/h:rockwellautomation:allen-bradley_stratix_8300_industrial_managed_ethernet_switch, cpe:/h:rockwellautomation:allen-bradley_stratix_5400_industrial_managed_ethernet_switch, cpe:/h:rockwellautomation:allen-bradley_stratix_5410_industrial_managed_ethernet_switch, cpe:/h:rockwellautomation:allen-bradley_stratix_5700_industrial_managed_ethernet_switch, cpe:/h:rockwellautomation:allen-bradley_stratix_8000_industrial_managed_ethernet_switch
Required KB Items: Tenable.ot/Rockwell
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/28/2018
Vulnerability Publication Date: 3/28/2018
CISA Known Exploited Vulnerability Due Dates: 3/17/2022
Reference Information
CVE: CVE-2018-0175
CWE: 755
ICSA: 18-107-04, 18-107-05