
Rockwell Automation Warns of Cisco Zero-Day Vulnerability
Rockwell Automation has issued a warning that a Cisco IOS XE zero-day vulnerability, already being exploited in the wild, affects its Stratix industrial managed Ethernet switches. The industrial automation vendor stated that the switches, which run Cisco IOS XE software, are immediately affected.
Immediate Impact on Stratix Industrial Switches
According to Rockwell Automation, the Cisco zero-day has an immediate impact on its Stratix industrial switches. These switches are critical components of many industrial networks: they carry the control and management traffic of the connected plant environment. A compromised switch therefore threatens every industrial process that depends on it and can disrupt operations.
Discovery and Exploitation of Two Cisco IOS XE Zero-Day Vulnerabilities
Two Cisco IOS XE zero-day vulnerabilities, CVE-2023-20198 and CVE-2023-20273, have been disclosed by Cisco Talos and rated as serious threats. CVE-2023-20198 is an initial-access flaw in the IOS XE web UI feature that lets an unauthenticated remote attacker create a local account with privilege level 15; CVE-2023-20273 is then used with that account to execute commands as root and install an implant. Both apply to the Stratix switches because those devices run Cisco IOS XE. Successful exploitation gives an attacker full, unauthorized control of the affected device and of the traffic it switches.
Stratix 5800 and 5200 Managed Industrial Ethernet Switches Specifically Affected
Rockwell Automation's advisory names the Stratix 5800 and Stratix 5200 managed industrial Ethernet switches as the affected products. Users of these devices are warned to apply the available mitigations and to watch for unusual activity on their networks, in particular unexpected local accounts and web UI logins on the switches.
Lack of Patch Availability Noted in Rockwell’s Security Advisory
Rockwell Automation's security advisory noted that no patch was available at the time of publication. Given the severity of the vulnerabilities and the fact that they were already being exploited, this leaves affected devices exposed until a fix ships. In the meantime, the interim mitigation Cisco recommends is to disable the IOS XE HTTP Server feature (the web UI) on affected devices or, where the web UI is genuinely required, to restrict access to it to trusted management networks. Rockwell encouraged users to monitor its further announcements for the availability of fixed firmware.
Extent of the Vulnerability
The Cisco zero-day vulnerability identified by Rockwell Automation has deep-seated implications. Here we list some of the critical points that detail the extent of the vulnerability.
Exploitation Leading to High-Privileged Account Creation and Control of System
Exploiting CVE-2023-20198 lets an unauthenticated attacker create a local account with privilege level 15, the highest IOS XE privilege level, which gives complete control of the device. With that access the attacker can change the configuration, install malicious software such as the implant described below, and intercept or reroute the traffic the switch carries. Because the account is written to the device configuration, it survives reboots and must be found and removed explicitly.
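As an added example, not code from Rockwell's or Cisco's advisories, the Python script below audits a `show running-config` export and a syslog export for what this passage implies a defender should look for: the web UI left enabled, privilege-15 accounts that are not on an expected list, web UI logins by unexpected users, and configuration changes made programmatically by the web UI process. The config fragment and log lines are constructed; the log message formats and the account name `cisco_tac_admin` are modelled on the indicators Cisco Talos published, but the checks key on "not in the expected set" rather than on specific names, since an attacker can pick any name. `EXPECTED_ADMINS` is an assumed allowlist you would replace with your own.

```python
import re

# Constructed sample of an IOS XE running-config fragment (not a real device capture).
# It shows the web UI enabled and an unexpected privilege-15 local user.
SAMPLE_CONFIG = """\
version 17.9
hostname stratix-5800-cell3
!
username admin privilege 15 secret 9 REDACTED
username cisco_tac_admin privilege 15 secret 9 REDACTED
!
ip http server
ip http secure-server
ip http authentication local
!
end
"""

# Constructed syslog lines modelled on the message types Cisco Talos listed as
# indicators: a web UI login success and a programmatic config change by the
# web UI process (SEP_webui_wsma_http).
SAMPLE_SYSLOG = [
    "Oct 17 03:12:01 stratix-5800-cell3 %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success "
    "[user: cisco_tac_admin] [Source: 203.0.113.7] at 03:12:01 UTC Tue Oct 17 2023",
    "Oct 17 03:12:05 stratix-5800-cell3 %SYS-5-CONFIG_P: Configured programmatically "
    "by process SEP_webui_wsma_http from console as user on line",
    "Oct 17 08:00:00 stratix-5800-cell3 %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success "
    "[user: admin] [Source: 10.0.0.5] at 08:00:00 UTC Tue Oct 17 2023",
]

# Assumed allowlist of accounts that are supposed to hold privilege 15.
EXPECTED_ADMINS = {"admin"}

# Config lines that enable the IOS XE web UI (the attack surface for CVE-2023-20198).
WEB_UI_LINES = ("ip http server", "ip http secure-server")

USER_RE = re.compile(r"^username (\S+) privilege 15\b")
WEBLOGIN_RE = re.compile(r"WEBLOGIN_SUCCESS: Login Success \[user: ([^\]]+)\]")
PROGRAMMATIC_RE = re.compile(
    r"CONFIG_P: Configured programmatically by process SEP_webui_wsma_http"
)


def audit_config(config_text, expected_admins):
    """Return findings for an enabled web UI and unexpected privilege-15 users."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line in WEB_UI_LINES:
            findings.append(f"web UI enabled: '{line}'")
        m = USER_RE.match(line)
        if m and m.group(1) not in expected_admins:
            findings.append(f"unexpected privilege-15 user: {m.group(1)}")
    return findings


def audit_syslog(lines, expected_admins):
    """Return findings for web UI logins by unexpected users and programmatic
    configuration changes originating from the web UI process."""
    findings = []
    for line in lines:
        m = WEBLOGIN_RE.search(line)
        if m and m.group(1) not in expected_admins:
            findings.append(f"web UI login by unexpected user: {m.group(1)}")
        if PROGRAMMATIC_RE.search(line):
            findings.append("configuration changed programmatically via web UI process")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG, EXPECTED_ADMINS) + audit_syslog(
        SAMPLE_SYSLOG, EXPECTED_ADMINS
    ):
        print("FINDING:", finding)
```

On a real device, feed `audit_config` the text of `show running-config` and `audit_syslog` the lines from your syslog collector. Any unexpected privilege-15 user is a reason to treat the device as compromised rather than merely unpatched.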
Large Scale Compromised Systems Discovered by Cybersecurity Community
Internet-wide scans by the security community found the implant on tens of thousands of exposed Cisco IOS XE devices within days of disclosure. The number of devices hacked through the unpatched flaw continued to rise while no fix was available, underlining the seriousness of the issue.
Second Zero-Day Vulnerability Used for Implant Delivery
The attackers use a second zero-day, CVE-2023-20273, to run commands as root on the device and to deliver the implant, a Lua-based component loaded into the device's web server. Chaining two vulnerabilities splits the intrusion into steps that each resemble ordinary administrative activity, which makes it harder to detect and to attribute. The implant itself does not survive a reboot, but the attacker-created account does, so removing the implant alone does not remediate a compromised device.
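As an added example, not code from the page or from Cisco, the script below wraps the implant check Cisco Talos published (an HTTP POST to `/webui/logoutconfirm.html?logon_hash=1`, which the implant answers with a bare hexadecimal string while a clean web UI returns its normal HTML page) in Python, with the response classification separated out so it can be tested offline. The sample responses are constructed. The caveat matters: a later variant of the implant only answers when an attacker-chosen Authorization header is present, so a "no-indicator" result does not prove the device is clean, and the account and log audit should be run regardless.

```python
import re
import ssl
import urllib.error
import urllib.request

# Probe path published by Cisco Talos for detecting the implant.
IMPLANT_PROBE_PATH = "/webui/logoutconfirm.html?logon_hash=1"

# The implant replies with a short hexadecimal string (for example
# 0123456789abcdef01); the legitimate web UI replies with HTML.
HEX_BODY_RE = re.compile(r"^[0-9a-fA-F]{8,}$")


def classify_probe_response(status, body):
    """Classify one probe response.

    Returns 'implant-indicator' when the body is a bare hex string on a 200
    response, else 'no-indicator'. 'no-indicator' is not proof of a clean
    device: the updated implant variant stays silent unless a specific
    Authorization header is supplied, so pair this with an account/log audit.
    """
    text = body.strip()
    if status == 200 and HEX_BODY_RE.fullmatch(text):
        return "implant-indicator"
    return "no-indicator"


def probe_device(host, timeout=5):
    """POST the probe to one device over HTTPS and classify the answer.

    Certificate verification is disabled on purpose: management interfaces
    typically carry self-signed certificates and we are not trusting the
    content, only inspecting it. This performs a network call.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        f"https://{host}{IMPLANT_PROBE_PATH}", data=b"", method="POST"
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            body = resp.read().decode("utf-8", "replace")
            return classify_probe_response(resp.status, body)
    except urllib.error.HTTPError as err:
        # A 4xx/5xx still carries a body; classify it rather than crashing.
        return classify_probe_response(err.code, err.read().decode("utf-8", "replace"))


# Constructed sample responses for offline testing (not captured from real devices).
SAMPLE_RESPONSES = {
    "compromised": (200, "0123456789abcdef01\n"),
    "clean": (200, "<!DOCTYPE html><html><body>Logout confirmation</body></html>"),
    "unauthorized": (403, ""),
}


if __name__ == "__main__":
    import sys

    # Usage: python probe.py <host-or-ip> [<host-or-ip> ...]
    for target in sys.argv[1:]:
        print(target, probe_device(target))
```

Run it only against devices you are authorized to test, from a management host that can reach the switch web UI; if the web UI has already been disabled as a mitigation, the probe will fail to connect and the config audit is the remaining check.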
Response from Rockwell Automation and Cybersecurity Agencies
The response from Rockwell Automation and cybersecurity agencies has been swift, given the severity of the situation.
Release of Fix Patches by Cisco
Cisco, which develops the IOS XE software that the Stratix switches run, has released fixed software versions that close both vulnerabilities. Customers are encouraged to apply the updates promptly; Stratix users should obtain the corresponding firmware through Rockwell Automation's advisory. Patching does not remove accounts or implants an attacker has already installed, so devices should be checked for indicators of compromise before and after the upgrade.
Promise of Further Updates and Awareness of Potential Attacks on its Products by Rockwell Automation
Since the vulnerability was disclosed, Rockwell Automation has pledged to keep its customers informed of developments and is working to raise awareness of potential cyber threats to its products.
Advisory by US Cybersecurity Agency CISA Alerting Organizations
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory alerting organizations to the vulnerabilities and has added them to its Known Exploited Vulnerabilities catalog. It urges organizations to apply the updates and mitigations to safeguard against these threats.
Uncertain Objectives of the Attackers
While the method of attack is clear, the attackers' goals remain uncertain. Here we list potential objectives inferred from the observed activity.
Control over Vast Number of Cisco Routers and Switches
One objective can be inferred from the nature of the attack: gaining control of a large number of Cisco routers and switches. The underlying motive for that control is not evident.
Implant Updates for Maintaining Control over Compromised Systems
The use of a second vulnerability to deliver the implant, and the updates observed to the implant after disclosure, suggest a plan to retain control over compromised systems. Persistent access would let the attacker manipulate the devices, and the traffic passing through them, for their own ends.
Unknown End Goals of Attackers
Despite the scale of the attack, the attackers' end goal remains unclear, adding a further dimension of uncertainty to the threat these vulnerabilities pose.