The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution.
All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that specifically target these vulnerabilities.
The four security flaws were discovered and reported to CISA by researchers Tal Keren and Sharon Brizinov from operational technology security company Claroty. Additionally, a fifth security issue identified by Claroty was previously disclosed by Cisco Talos (CVE-2020-13556) on December 2, 2020.
“An attacker would only need to send crafted ENIP/CIP packets to the device in order to exploit these vulnerabilities,” the researchers said.
CVE-2020-13556 concerns an out-of-bounds write vulnerability in the EtherNet/IP server that could potentially allow an attacker to send a series of specially crafted network requests to trigger remote code execution. It is rated 9.8 out of 10 in severity.
The four other flaws, disclosed to EIPStackGroup, the maintainers of the OpENer stack, in October 2020, are as follows:
- CVE-2021-27478 (CVSS score: 8.2) – A bug in the way Common Industrial Protocol (CIP) requests are handled, leading to a DoS condition
- CVE-2021-27482 (CVSS score: 7.5) – An out-of-bounds read flaw that leverages specially crafted packets to read arbitrary data from memory
- CVE-2021-27500 and CVE-2021-27498 (CVSS scores: 7.5) – Two reachable assertion vulnerabilities that could be exploited to result in a DoS condition
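All of the flaws above are reached by sending crafted ENIP/CIP packets, and the out-of-bounds read and write cases are, at bottom, length fields in a packet being trusted ahead of the number of bytes actually received. The following is an added example, written for this article and not code from OpENer or from Claroty's research, showing the bounds checks a parser for the 24-byte EtherNet/IP encapsulation header and the Common Packet Format (CPF) item list inside a SendRRData request needs in order to reject such packets. It does not reproduce any of the specific OpENer bugs; the packets, function names and return codes are all constructed for the illustration.

```c
/* Added example (not OpENer code): bounds-checked parsing of the EtherNet/IP
 * encapsulation header and the CPF item list carried by SendRRData.
 * Wire format (all little-endian):
 *   header: command u16, length u16, session handle u32, status u32,
 *           sender context[8], options u32            (24 bytes)
 *   SendRRData payload: interface handle u32, timeout u16, item count u16,
 *           then items of {type id u16, length u16, data[length]}. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ENIP_HEADER_LEN 24u
#define ENIP_CMD_LIST_IDENTITY 0x0063u
#define ENIP_CMD_SEND_RR_DATA  0x006Fu

typedef struct {
    uint16_t command;
    uint16_t length;          /* bytes of data that follow the header */
    uint32_t session_handle;
    uint32_t status;
    uint8_t  sender_context[8];
    uint32_t options;
    const uint8_t *data;      /* points into the caller's buffer */
} EnipHeader;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* 0 on success; -2 if the header itself is truncated; -3 if the declared
 * payload length exceeds what was actually received. Never reads past buf+len. */
int enip_parse_header(const uint8_t *buf, size_t len, EnipHeader *out)
{
    if (buf == NULL || out == NULL) return -1;
    if (len < ENIP_HEADER_LEN) return -2;
    out->command        = rd16(buf);
    out->length         = rd16(buf + 2);
    out->session_handle = rd32(buf + 4);
    out->status         = rd32(buf + 8);
    memcpy(out->sender_context, buf + 12, 8);
    out->options        = rd32(buf + 20);
    if ((size_t)out->length > len - ENIP_HEADER_LEN) return -3;
    out->data = buf + ENIP_HEADER_LEN;
    return 0;
}

/* Walks the CPF items of a SendRRData payload. Returns the item count, or a
 * negative value if an item header or an item's declared data would run past
 * the end of the received bytes (the read that an unchecked parser performs). */
int enip_walk_cpf_items(const uint8_t *data, size_t len)
{
    size_t off = 6;                                /* interface handle + timeout */
    if (data == NULL || len < 8) return -1;
    uint16_t count = rd16(data + off);
    off += 2;
    for (uint16_t i = 0; i < count; i++) {
        if (len - off < 4) return -2;              /* item header truncated */
        uint16_t item_len = rd16(data + off + 2);
        off += 4;
        if (item_len > len - off) return -3;       /* item data overruns buffer */
        off += item_len;
    }
    return (int)count;
}

/* Constructed sample packets for the demo below. */
static const uint8_t kListIdentity[24] = {
    0x63, 0x00, 0x00, 0x00, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
/* SendRRData carrying a null address item and an unconnected data item with a
 * 6-byte CIP Get_Attribute_All request for the Identity object (0x20 0x01 0x24 0x01). */
static const uint8_t kSendRRData[46] = {
    0x6F, 0x00, 0x16, 0x00, 0x01, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0x02, 0x00,
    0x00, 0x00, 0x00, 0x00,
    0xB2, 0x00, 0x06, 0x00, 0x01, 0x02, 0x20, 0x01, 0x24, 0x01 };

int demo_list_identity(void) {           /* returns the parsed command code */
    EnipHeader h;
    return enip_parse_header(kListIdentity, sizeof kListIdentity, &h) == 0 ? (int)h.command : -1;
}
int demo_truncated_header(void) {        /* only 10 of 24 header bytes arrived */
    EnipHeader h;
    return enip_parse_header(kListIdentity, 10, &h);
}
int demo_overdeclared_length(void) {     /* header claims 16 payload bytes, none sent */
    uint8_t pkt[24]; EnipHeader h;
    memcpy(pkt, kListIdentity, sizeof pkt);
    pkt[2] = 0x10;
    return enip_parse_header(pkt, sizeof pkt, &h);
}
int demo_send_rr_data(void) {            /* well-formed request: 2 CPF items */
    EnipHeader h;
    if (enip_parse_header(kSendRRData, sizeof kSendRRData, &h) != 0) return -1;
    return enip_walk_cpf_items(h.data, h.length);
}
int demo_cpf_item_overrun(void) {        /* data item claims 255 bytes, 6 present */
    uint8_t pkt[46]; EnipHeader h;
    memcpy(pkt, kSendRRData, sizeof pkt);
    pkt[24 + 14] = 0xFF;
    if (enip_parse_header(pkt, sizeof pkt, &h) != 0) return -1;
    return enip_walk_cpf_items(h.data, h.length);
}

int main(void) {
    printf("ListIdentity command: 0x%04X\n", demo_list_identity());
    printf("truncated header: %d, over-declared length: %d\n",
           demo_truncated_header(), demo_overdeclared_length());
    printf("CPF items: %d, CPF overrun: %d\n", demo_send_rr_data(), demo_cpf_item_overrun());
    return 0;
}
```

The two checks that matter are the comparisons against `len`, not against the length fields in the packet: a parser that sizes its reads or copies from the attacker-supplied `length` and item lengths alone is exactly the pattern that turns a single crafted packet into an out-of-bounds read or write.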
Vendors using the OpENer stack are recommended to update to the latest version while also taking protective measures to minimize network exposure of all control system devices to the internet, put firewall barriers in place, and isolate them from the business network.
This is far from the first time security issues have been unearthed in EtherNet/IP stacks. Last November, Claroty researchers revealed that a critical vulnerability found in Real-Time Automation's (RTA) 499ES EtherNet/IP stack could open up industrial control systems to remote attacks by adversaries.