Rockwell Automation is warning that its Allen-Bradley Stratix and ArmorStratix industrial switches are exposed to hack due to security vulnerabilities in Cisco IOS. The list of flaws includes improper input validation, resource management errors, 7PK errors, improper restriction of operations within the bounds of a memory buffer, use of externally-controlled format string. The most critical vulnerability is the Cisco CVE-2018-0171 Smart Install, a flaw that could be exploited by an unauthenticated, remote attacker to cause a reload of a vulnerable device or to execute arbitrary code.”]
Source: https://securityaffairs.co/wordpress/71540/hacking/rockwell-automation-flaws.html