CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
100.0%
**ATTENTION:**Remotely exploitable/low skill level to exploit.
Vendor: Rockwell Automation
Equipment: Stratix 5900
Vulnerabilities: Improper Input Validation, Resource Management Errors, Improper Authentication, Path Traversal_._
This advisory was originally posted to the NCCIC Portal on April 4, 2017, and is being released to the NCCIC/ICS-CERT web site.
Rockwell Automation reports that these vulnerabilities affect the following Stratix 5900 Services Routers:
An attacker who exploits these vulnerabilities may be able to perform man-in-the-middle attacks, create denial of service conditions, or remotely execute arbitrary code.
Rockwell Automation has provided a new firmware version, Version 15.6.3, to mitigate these vulnerabilities.
Rockwell Automation encourages users of the affected versions to update to the latest available software versions addressing the associated risk, and including improvements to further harden the software and enhance its resilience against similar malicious attacks. Users can find the latest firmware version by searching for their device at the following web site:
<http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=15>
Additional precautions and risk mitigation strategies specific to these types of attacks are recommended in the Rockwell Automation security release. When possible, multiple strategies should be implemented simultaneously.
<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1041191>
Please also refer to Cisco’s security advisories (linked below) for additional workarounds and details for these vulnerabilities.
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS‑CERT Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.
Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability.
CVE-2016-6380 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H).
Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability.
CVE-2016-6393 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H).
Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability.
CVE-2016-6384 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
CVE-2016-6381 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities.
CVE-2016-6382 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products.
CVE-2016-6415 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability.
CVE-2016-1409 has been assigned to this vulnerability. A CVSS v3 base score of 5.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L).
CVE-2016-1350 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
CVE-2016-1344 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015.
CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, and CVE-2015-7871 have been assigned to these vulnerabilities. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L).
Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products.
CVE-2015-1798 and CVE-2015-1799 have been assigned to this vulnerability. A CVSS v3 base score of 5.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N).
CVE-2015-0642 and CVE-2015-0643 have been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability.
CVE-2015-0646 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products.
CVE-2015-0207, CVE-2015-0209, CVE-2015-0285, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, and CVE-2015-1787 have been assigned to these vulnerabilities. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N).
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability.
CVE-2014-3566 has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N).
Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability.
CVE-2014-3359 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software Metadata Vulnerabilities.
CVE-2014-3355 and CVE-2014-3356 have been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software Network Address Translation Denial of Service Vulnerability.
CVE-2014-3361 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software RSVP Vulnerability.
CVE-2014-3354 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability.
CVE-2014-3360 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software IPsec Denial of Service Vulnerability.
CVE-2014-3299 has been assigned to this vulnerability. A CVSS v3 base score of 7.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products.
CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, and CVE-2014-3470 have been assigned to these vulnerabilities. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability.
CVE-2014-2113 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability.
CVE-2014-2108 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software Network Address Translation Vulnerabilities.
CVE-2014-2109 and CVE-2014-2111 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability.
CVE-2014-2106 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco IOS Software SSL VPN Denial of Service Vulnerability.
CVE-2014-2112 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
Cisco Systems, Inc. reported these vulnerabilities to Rockwell Automation.
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Systems
Area Deployed: Worldwide
**Company Headquarters Location:**United States
compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=15
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0076
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0195
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0221
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2106
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2108
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2109
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2111
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2112
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2113
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3299
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3354
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3355
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3356
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3359
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3360
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3361
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0207
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0209
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0285
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0287
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0288
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0289
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0290
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0291
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0292
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0293
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0646
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1787
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7691
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7692
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7701
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7702
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7703
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7704
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7705
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7848
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7849
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7850
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7851
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7852
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7853
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7854
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7855
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7871
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1344
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1350
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1409
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6380
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6380
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6381
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6382
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6384
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6415
cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://www.cisa.gov/news-events/ics-advisories/icsa-17-094-04
cwe.mitre.org/data/definitions/119.html
cwe.mitre.org/data/definitions/119.html
cwe.mitre.org/data/definitions/119.html
cwe.mitre.org/data/definitions/189.html
cwe.mitre.org/data/definitions/190.html
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/200.html
cwe.mitre.org/data/definitions/22.html
cwe.mitre.org/data/definitions/264.html
cwe.mitre.org/data/definitions/287.html
cwe.mitre.org/data/definitions/287.html
cwe.mitre.org/data/definitions/310.html
cwe.mitre.org/data/definitions/310.html
cwe.mitre.org/data/definitions/310.html
cwe.mitre.org/data/definitions/362.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/399.html
cwe.mitre.org/data/definitions/476.html
nvd.nist.gov/vuln/detail/CVE-2015-0642
nvd.nist.gov/vuln/detail/CVE-2015-0643
nvd.nist.gov/vuln/detail/CVE-2015-1798
nvd.nist.gov/vuln/detail/CVE-2015-1799
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
rockwellautomation.custhelp.com/app/answers/detail/a_id/1041191
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ikev2
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ipv6
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-sip
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140625-CVE-2014-3299
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp
twitter.com/CISAgov
twitter.com/intent/tweet?text=Rockwell%20Automation%20Stratix%205900+https://www.cisa.gov/news-events/ics-advisories/icsa-17-094-04
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-17-094-04&title=Rockwell%20Automation%20Stratix%205900
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-17-094-04
www.oig.dhs.gov/
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Rockwell%20Automation%20Stratix%205900&body=www.cisa.gov/news-events/ics-advisories/icsa-17-094-04
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
100.0%