ICSA-16-287-04  ·  Published 2025-06-05

Rockwell Automation Stratix Denial-of-Service and Memory Leak Vulnerabilities

CVSS 9.9 CRITICAL

Remediations

  • Rockwell Automation encourages users of affected versions of these Stratix products to update to the latest available software versions, which address the associated risk and include improvements to further harden the software and enhance its resilience against similar malicious attacks. Users can find the latest firmware version by selecting their device at the following website: (http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=15)
  • Additional precautions and risk mitigation strategies specific to these types of attacks are recommended in the Rockwell Automation security release. When possible, multiple strategies should be implemented simultaneously. (https://rockwellautomation.custhelp.com/app/answers/detail/a_id/942592)
  • Please also refer to Cisco’s security advisories for additional workarounds and details for these vulnerabilities:
      (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados)
      (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp)
      (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns)
      (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi)

Affected Vendors

Rockwell Automation

Affected Products (5)

Rockwell Automation · Allen-Bradley Stratix 5400 Industrial Ethernet Switches <=15.24EA3
Rockwell Automation · Allen-Bradley Stratix 5410 Industrial Distribution Switches <=15.24EA3
Rockwell Automation · Allen-Bradley Stratix 5700 Industrial Managed Ethernet Switches <=15.24EA3
Rockwell Automation · Allen-Bradley Stratix 8000 Modular Managed Ethernet Switches <=15.24EA3
Rockwell Automation · Allen-Bradley ArmorStratix 5700 Industrial Managed Ethernet Switches <=15.24EA3
