October 24, 2023 at 03:03PM
Rockwell Automation has warned customers that its Stratix industrial switches are affected by an actively exploited Cisco IOS XE zero-day vulnerability. Hackers have been exploiting the flaw to create high-privileged accounts and gain complete control of affected devices. Rockwell has confirmed that its Stratix 5800 and 5200 managed industrial Ethernet switches are affected. No patches are currently available, but Rockwell has promised to provide updates as more information becomes available.
The key takeaways are:
1. Rockwell Automation has warned customers about the impact of a zero-day vulnerability in Cisco IOS XE on its Stratix industrial switches.
2. Unidentified hackers have been exploiting two zero-day vulnerabilities in Cisco IOS XE to create high-privileged accounts and gain complete control of affected devices.
3. The cybersecurity community discovered tens of thousands of compromised systems after Cisco disclosed the first zero-day.
4. Rockwell’s Stratix 5800 and 5200 managed industrial Ethernet switches are affected by CVE-2023-20198 if the IOS XE web UI feature is enabled.
5. There is another zero-day vulnerability, CVE-2023-20273, that likely affects Rockwell’s switches as well, even though it wasn’t mentioned in their advisory.
6. Rockwell has no evidence of active exploitation against its Stratix product line, but the vulnerability was discovered during an incident response for a Cisco customer.
7. Cisco has released fixes for the vulnerabilities, but Rockwell’s advisory states that no patches are available.
8. The US cybersecurity agency CISA has published an advisory to notify organizations about Rockwell’s advisory.
9. The attackers still have control of tens of thousands of Cisco routers and switches and have updated their implant to maintain control.
10. The goal of the attackers is unclear at this point.