← Back to home
ICSA-18-107-05  ·  Published 2018-04-17  ·  View on CISA ICS-CERT ↗

ICSA-18-107-05_Rockwell Automation Stratix Industrial Managed Ethernet Switch

CVSS 8.8 HIGH CISA KEV — Known Exploited

CVEs (1)

Remediations

  • Rockwell Automation has released the following knowledge base article 1073315
  • Cisco has released new Snort Rules
  • Smart Install is turned off by express setup
  • CVE-2018-0167 and CVE-2018-0175 have no specific mitigations in place.
  • Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.
  • Locate control system networks and devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · Allen-Bradley Stratix 8300 Industrial Managed Ethernet Switches <= 15.2(4a)EA5

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more