Some industrial networking devices are also vulnerable to the recently disclosed KRACK Wi-Fi attack, including products from Cisco, Rockwell Automation and Sierra Wireless.
KRACK, or Key Reinstallation Attack, is the name assigned to a series of vulnerabilities in the WPA2 protocol, which secures modern Wi-Fi networks. The flaws can allow an attacker within range of the targeted device to read information that the user believes is encrypted and, in some cases, possibly even inject and manipulate data (e.g. inject malware into a website).
The vulnerabilities are tracked as CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087 and CVE-2017-13088. The security holes have been confirmed to affect products from tens of vendors, but many of them have already started releasing patches.
Since a majority of WPA2 implementations are affected, it’s not surprising that some industrial communications products are also exposed to KRACK attacks.
Cisco pointed out that of the ten KRACK flaws, only CVE-2017-13082 affects access points and other wireless infrastructure components, while the rest impact client devices.
In the case of Cisco, many of the company’s products are affected, including Cisco 829 Industrial Integrated Services routers and Industrial Wireless 3700 series access points. The networking giant has yet to release patches for the vulnerable industrial products. However, workarounds are available for six of the flaws.
According to an advisory from ICS-CERT, Rockwell Automation is working on releasing a firmware update for its Stratix 5100 Wireless Access Point/Workgroup Bridge. These industrial devices are used worldwide in the critical manufacturing, energy, and water sectors.
Devices running version 15.3(3)JC1 and earlier are impacted by CVE-2017-13082. Until patches become available, Rockwell has advised customers to take steps to prevent potential attacks, including limiting access to control system, and ensuring that software is patched, security products are deployed and untrusted websites are not accessed.
Sierra Wireless has also released an advisory to inform customers that a dozen of its products, including access points and client devices, are affected by the vulnerabilities. The company has promised to release patches over the coming months.
The list of affected Sierra Wireless devices includes industrial products such as the FX30 rugged gateway and the AirLink MP70 router.
Siemens has yet to publish an advisory regarding the impact of KRACK on its products, but the company did say that its experts are investigating the flaws.