Rockwell Automation Stratix 5400/5410/5700/8000/8300 and ArmorStratix 5700 (ICSA-19-094-03) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on resource management errors and improper input validation vulnerabilities in Rockwell Automation Stratix 5400/5410/5700/8000/8300 and ArmorStratix 5700. Numerous products and versions of those products are affected. Successful exploitation of these vulnerabilities could result in a denial-of-service condition or time synchronization issues across the network via reloading the device, a buffer overflow, or memory exhaustion. Rockwell Automation recommends users upgrade to the latest versions and to apply a series of general guidelines. The NCCIC has also provided a series of measures for mitigating the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.