Industrial automation giant Rockwell Automation has started releasing firmware updates for some of its Stratix switches to address another round of vulnerabilities introduced by the use of Cisco’s IOS XE software.
Rockwell Automation regularly releases firmware updates for its Stratix devices to address vulnerabilities introduced by the use of Cisco software. In fact, a majority of the security advisories released by the company for its Stratix products address flaws that exist in Cisco software.
The latest Stratix advisory released by Rockwell covers a total of 8 vulnerabilities affecting Stratix 5800 managed industrial Ethernet switches. One of the flaws, a privilege escalation issue related to the Common Industrial Protocol (CIP), impacts Stratix 8000, 8300, 5700, 5400 and 5410 switches as well.
The vulnerability impacting multiple Stratix products, tracked as CVE-2021-1392, is the most serious based on its CVSS score of 7.8. The security hole allows a local, authenticated attacker ...
Copyright of this story solely belongs to SecurityWeek.