Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of several vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, information leaks, and remote code execution.
All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that specifically target these vulnerabilities.
The four security flaws were found and reported to CISA by researchers Tal Keren and Sharon Brizinov from operational technology security company Claroty. In addition, a fifth security issue identified by Claroty was previously disclosed by Cisco Talos (CVE-2020-13556) on December 2, 2020.
“An enemy would only need to send crafted ENIP/CIP packages to the device in order to make use of these vulnerabilities,” the researchers said.
CVE-2020-13556 concerns an out-of-bounds write vulnerability in the EtherNet/IP server that could potentially allow an attacker to send a series of specially crafted network requests to trigger remote code execution. It is rated 9.8 out of 10 in severity.
The four other flaws disclosed to EIPStackGroup, the maintainers of the OpENer stack, in October 2020 are as follows:
Vendors using the OpENer stack are advised to update to the latest version while also taking protective measures to minimize the exposure of all control system devices to the internet, place them behind firewalls, and isolate them from the business network.
This is far from the first time security issues have been uncovered in EtherNet/IP stacks. Last November, Claroty researchers disclosed a critical vulnerability in Real-Time Automation's (RTA) 499ES EtherNet/IP stack that could open up industrial control systems to remote attacks by adversaries.