Rockwell Automation Allen-Bradley Stratix 5950 Improper Access Control (CVE-2019-1649)

Medium severity, Tenable OT Security Plugin ID 504956

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cisco Systems, Inc. (Cisco) released an advisory regarding a vulnerability in the logic that handles access control to a hardware component in Cisco's proprietary Secure Boot implementation. If successfully exploited, an attacker could write a modified firmware image to the component. The Allen-Bradley Stratix 5950 utilizes Cisco's proprietary Secure Boot implementation.

Customers using affected versions of this product are encouraged to evaluate the mitigations provided below and apply those appropriate to their deployed products. Additional details relating to the discovered vulnerability, including affected products and recommended countermeasures, are provided below.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Rockwell Automation recommends users update to firmware version FRN v6.4.0, which addresses the reported vulnerability.

Rockwell also provides the following general security guidelines:

- Utilize proper network infrastructure controls, such as firewalls, to help ensure that requests from unauthorized sources are blocked and the controls are isolated from the business network.
- Consult the product documentation for specific features, such as access control lists and deep packet inspection, that may be used to block unauthorized changes, etc.
- Block all traffic to EtherNet/IP or other CIP protocol-based devices from outside the manufacturing zone by blocking or restricting access to TCP and UDP Port 2222 and Port 44818, using proper network infrastructure controls such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell Automation products, see Knowledgebase Article ID 898270.
- Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.

See Also

http://www.nessus.org/u?4642709c

http://www.nessus.org/u?80fef307

https://www.cisa.gov/news-events/ics-advisories/icsa-20-072-03

Plugin Details

Severity: Medium

ID: 504956

File Name: tenable_ot_rockwell_CVE-2019-1649.nasl

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 1/16/2026

Updated: 2/6/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-1649

CVSS v3

Risk Factor: Medium

Base Score: 6.7

Temporal Score: 6

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:rockwellautomation:allen-bradley_1783-sad2t2spk9_stratix_5950_industrial_managed_ethernet_switch, cpe:/h:rockwellautomation:allen-bradley_1783-sad4t0spk9_stratix_5950_industrial_managed_ethernet_switch, cpe:/h:rockwellautomation:allen-bradley_1783-sad2t2sbk9_stratix_5950_industrial_managed_ethernet_switch, cpe:/h:rockwellautomation:allen-bradley_1783-sad4t0sbk9_stratix_5950_industrial_managed_ethernet_switch

Required KB Items: Tenable.ot/Rockwell

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/3/2020

Vulnerability Publication Date: 10/3/2020

Reference Information

CVE: CVE-2019-1649

CWE: 284

ICSA: 20-072-03