ICSA-22-300-03 · Published 2022-10-27 · View on CISA ICS-CERT ↗

Rockwell Automation Stratix Devices Containing Cisco IOS

CVSS 8.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could lead to a denial-of-service condition and allow remote code execution.

CVE-2020-3229 CVE-2020-3219 CVE-2021-1446 CVE-2020-3200 CVE-2020-3211 CVE-2020-3218 CVE-2020-3209 CVE-2021-1385 CVE-2020-3516

Rockwell Automation has addressed these vulnerabilities updates and encourages users to combine these updates with Rockwell Automation's Security Best Practices:
(CVE-2020-3229) Stratix 5800 switches: Update to Stratix 5800 v17.04.01 or later
(CVE-2020-3219) Stratix 5800 switches: Update to Stratix 5800 v17.04.01 or later
(CVE-2021-1446) Stratix 5800 switches: Update to Stratix 5800 v17.04.01 or later
(CVE-2020-3200) Stratix 5800 switches: Update to v16.12.01 or later
(CVE-2020-3200) Stratix 5400/5410 switches: Update to v15.2(7)E2 or later
(CVE-2020-3211) Stratix 5800 switches: Update to Stratix 5800 v17.04.01 or later
(CVE-2020-3218) Stratix 5800 switches: Update to Stratix 5800 v17.04.01 or later
(CVE-2020-3209) Stratix 5800 switches: Update to Stratix 5800 v17.04.01 or later
(CVE-2021-1385) Stratix 5800 switches: Update to Stratix 5800 v17.04.01 or later
(CVE-2020-3516) Stratix 5800 switches: Update to Stratix 5800 v17.04.01 or later

Rockwell Automation

Rockwell Automation · Rockwell Automation Stratix Devices <16.12.01

Rockwell Automation · Rockwell Automation Stratix Devices <15.2{7}E2

Multiple

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.