CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
98.6%
A vulnerability in the LLDP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501770);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");
script_cve_id("CVE-2018-0175");
script_xref(name:"ICSA", value:"18-107-04");
script_xref(name:"ICSA", value:"18-107-05");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/17");
script_name(english:"Rockwell Automation Stratix and ArmorStratix Switches Use of Externally-Controlled Format String (CVE-2018-0175)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability in the LLDP subsystem of Cisco IOS Software
and Cisco IOS XE Software could allow an adjacent,
unauthenticated attacker to cause a DoS condition or
execute arbitrary code with elevated privileges.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://www.cisa.gov/news-events/ics-advisories/icsa-18-107-04
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce3d1989");
# https://www.cisa.gov/news-events/ics-advisories/icsa-18-107-05
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?37660900");
# https://www.rockwellautomation.com/en-us/support/advisory.PN1019.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0baec066");
# https://www.rockwellautomation.com/en-us/support/advisory.PN1020.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?85ccd272");
# https://www.rockwellautomation.com/en-us/support/advisory.PN1021.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a252fb13");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-18-107-04");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-18-107-05");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Rockwell Automation recommends users upgrade to FRN 15.2(6)E1 or later. Updated software can be downloaded at:
http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=15
Rockwell Automation has provided knowledge base article number 1073268 on their website at the following location to
address these vulnerabilities:
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073268/ (login required)
Rockwell Automation also recommends implementing the following mitigations in addition to upgrading the software
version:
Cisco has released new Snort Rules at https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html
to help address the following vulnerabilities:
- CVE-2018-0171 - Snort Rule 46096 and 46097
- CVE-2018-0156 - Snort Rule 41725
- CVE-2018-0174 - Snort Rule 46120
- CVE-2018-0172 - Snort Rule 46104
- CVE-2018-0173 - Snort Rule 46119
- CVE-2018-0158 - Snort Rule 46110
Cisco adds the following notes for the Smart Install vulnerabilities (CVE-2018-0171 and CVE-2018-0156):
- Smart Install is turned off by express setup; however, upgraded switches but not re-setup may have it enabled.
- Disable the Smart Install feature with the no vstack configuration command if it is not needed or once setup is
complete.
- Users who do use the featureâand need to leave it enabledâcan use ACLs to block incoming traffic on TCP port 4786.
CVE-2018-0167 and CVE-2018-0175 have no specific mitigations in place. See the following Cisco Vulnerability advisory
for more details:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
Rockwell Automation also recommends users implement the following general security guidelines:
- Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible
from the Internet.
- Locate control system networks and devices behind firewalls, and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may
have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as
secure as the connected devices.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0175");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(755);
script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/28");
script_set_attribute(attribute:"patch_publication_date", value:"2018/03/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/15");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:allen-bradley_stratix_5400_industrial_managed_ethernet_switch");
script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:allen-bradley_stratix_5410_industrial_managed_ethernet_switch");
script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:allen-bradley_stratix_5700_industrial_managed_ethernet_switch");
script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:allen-bradley_stratix_5900_industrial_managed_ethernet_switch");
script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:allen-bradley_stratix_8000_industrial_managed_ethernet_switch");
script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:allen-bradley_stratix_8300_industrial_managed_ethernet_switch");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Rockwell");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Rockwell');
var asset = tenable_ot::assets::get(vendor:'Rockwell');
var vuln_cpes = {
"cpe:/h:rockwellautomation:allen-bradley_stratix_5400_industrial_managed_ethernet_switch" :
{"versionEndIncluding" : "15.2(6)E0a", "family" : "Stratix"},
"cpe:/h:rockwellautomation:allen-bradley_stratix_5410_industrial_managed_ethernet_switch" :
{"versionEndIncluding" : "15.2(6)E0a", "family" : "Stratix"},
"cpe:/h:rockwellautomation:allen-bradley_stratix_5700_industrial_managed_ethernet_switch" :
{"versionEndIncluding" : "15.2(6)E0a", "family" : "Stratix"},
"cpe:/h:rockwellautomation:allen-bradley_stratix_5900_industrial_managed_ethernet_switch" :
{"versionEndIncluding" : "15.6.3M1", "family" : "Stratix"},
"cpe:/h:rockwellautomation:allen-bradley_stratix_8000_industrial_managed_ethernet_switch" :
{"versionEndIncluding" : "15.2(6)E0a", "family" : "Stratix"},
"cpe:/h:rockwellautomation:allen-bradley_stratix_8300_industrial_managed_ethernet_switch" :
{"versionEndIncluding" : "15.2(4a)EA5", "family" : "Stratix"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
98.6%