Rockwell Automation Alerts Customers of Cisco Zero-Day Impacting Stratix Switches
October 24, 2023
Rockwell Automation has issued a warning to its customers regarding the impact of a currently exploited Cisco IOS XE zero-day vulnerability on its Stratix industrial switches. The company has identified that unidentified hackers are exploiting two zero-day vulnerabilities in Cisco IOS XE, tracked as CVE-2023-20198 and CVE-2023-20273. The attackers are creating high-privileged accounts on the affected devices and deploying a Lua-based implant that grants them full control of the system.
Shortly after Cisco disclosed the first zero-day, the cybersecurity community discovered tens of thousands of systems that had been compromised. Last week, Rockwell informed its customers that its Stratix 5800 and 5200 managed industrial Ethernet switches, which operate on the Cisco IOS XE operating system, are impacted by CVE-2023-20198. However, the devices are only affected if the IOS XE web UI feature is activated.
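Because the exposure hinges on whether the IOS XE web UI is enabled, the first thing an asset owner can do is check each switch's saved configuration. The following Python script is an added example, not code from Rockwell, Cisco or the article: it parses a captured `show running-config` text (the two sample configs are constructed for illustration) for the `ip http server` / `ip http secure-server` lines that control the web UI and returns the global-config commands that would turn any enabled listener off. It treats a config with neither a positive nor a `no` form of the command as unknown rather than safe, since the default varies by platform and release.

```python
# Constructed sample of an IOS XE running-config excerpt with the web UI on.
SAMPLE_CONFIG_EXPOSED = """\
hostname stratix-5800-line1
!
ip http server
ip http secure-server
ip http authentication local
!
interface GigabitEthernet1/1
 description uplink
"""

# Constructed sample where both listeners have been explicitly disabled.
SAMPLE_CONFIG_HARDENED = """\
hostname stratix-5800-line2
!
no ip http server
no ip http secure-server
!
"""


def web_ui_status(running_config: str) -> dict:
    """Report whether the IOS XE web UI (HTTP and/or HTTPS server) is enabled.

    IOS XE writes 'ip http server' / 'ip http secure-server' when a listener is
    enabled and 'no ip http server' / 'no ip http secure-server' when it has
    been explicitly disabled. An absent line is reported as 'unknown' because
    the default differs between platforms and releases.
    """
    status = {"http": "unknown", "https": "unknown"}
    commands = {"ip http server": "http", "ip http secure-server": "https"}
    for raw in running_config.splitlines():
        line = raw.strip()
        for cmd, key in commands.items():
            if line == cmd:
                status[key] = "enabled"
            elif line == "no " + cmd:
                status[key] = "disabled"
    status["web_ui_exposed"] = "enabled" in (status["http"], status["https"])
    return status


def hardening_commands(status: dict) -> list:
    """Return the global-config commands that disable each enabled listener."""
    cmds = []
    if status["http"] == "enabled":
        cmds.append("no ip http server")
    if status["https"] == "enabled":
        cmds.append("no ip http secure-server")
    return cmds


if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_CONFIG_EXPOSED),
                      ("hardened", SAMPLE_CONFIG_HARDENED)):
        st = web_ui_status(cfg)
        print(name, st, hardening_commands(st))
```

Run it against configs pulled from each switch; an `unknown` result means the device should be checked interactively rather than assumed unaffected. Where the web UI is genuinely needed, disabling it is not an option, and the remaining controls are applying Cisco's fixed release and restricting who can reach the management interface.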
Rockwell's security advisory, published before the second zero-day was discovered, does not mention CVE-2023-20273, which attackers have been using to deliver the implant. Nevertheless, that flaw also affects IOS XE software, so it likely impacts Rockwell’s switches too.
Rockwell’s advisory disclosed that no patches were available at the time, but Cisco has since released fixes. Rockwell has pledged to provide updates as more information becomes available, highlighting that it's not aware of any attacks specifically targeting its products. "While Rockwell Automation has no evidence of active exploitation against the Stratix product line, this vulnerability was discovered by Cisco Talos during an incident response for a Cisco customer," the company stated.
The US cybersecurity agency CISA issued its own advisory on Tuesday to alert organizations about Rockwell’s advisory. The ultimate objective of the attackers is still unclear. They still possess control over tens of thousands of Cisco routers and switches, and they have updated their implant in an attempt to maintain control.