Rockwell Automation Stratix and ArmorStratix Switches < 15.3 IOS SNMP Remote Code Execution (ICSA-17-208-04)

high Nessus Network Monitor Plugin ID 720289

Synopsis

Rockwell Automation/Allen-Bradley Stratix and ArmorStratix Switches < 15.3 IOS may be remotely exploitable because of vulnerabilities in the SNMP subsystem of Cisco IOS and IOS XE software.

Description

Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to execute code on an affected system or cause an affected system to crash and reload.

Solution

Perform vendor-recommended mitigations and apply available vendor upgrades.

See Also

https://www.us-cert.gov/ics/advisories/ICSA-17-208-04

Plugin Details

Severity: High

ID: 720289

Family: SCADA

Published: 9/4/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 8/24/2017

Vulnerability Publication Date: 8/24/2017

Reference Information

CVE: CVE-2017-6736