Home>Blog>The Hacker News Headlines>Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems
The Hacker News Headlines

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)
Thursday issued an advisory[1]
warning of multiple vulnerabilities in the OpENer EtherNet/IP[2]
stack that could expose industrial systems to denial-of-service
(DoS) attacks, data leaks, and remote code execution.

All OpENer commits and versions prior to February 10, 2021, are
affected, although there are no known public exploits that
specifically target these vulnerabilities.

The four security flaws were discovered and reported to CISA by
researchers Tal Keren and Sharon Brizinov from operational
technology security company Claroty. Additionally, a fifth security
issue identified by Claroty was previously disclosed by Cisco Talos
(CVE-2020-13556[3]) on December 2,
2020.

password auditor

“An attacker would only need to send crafted ENIP/CIP packets to
the device in order to exploit these vulnerabilities,” the
researchers said[4].

CVE-2020-13556 concerns an out-of-bounds write vulnerability in
the Ethernet/IP server that could potentially allow an attacker to
send a series of specially-crafted network requests to trigger
remote code execution. It’s rated 9.8 out of 10 in severity.

The four other flaws disclosed to EIPStackGroup, the maintainers
of the OpENer stack, in October 2020 are as follows —

  • CVE-2021-27478 (CVSS score: 8.2) – A bug in
    the manner Common Industrial Protocol (CIP[5]) requests are handled,
    leading to a DoS condition
  • CVE-2021-27482 (CVSS score: 7.5) – An
    out-of-bounds read flaw that leverages specially crafted packets to
    read arbitrary data from memory
  • CVE-2021-27500 and
    CVE-2021-27498 (CVSS scores: 7.5) – Two reachable assertion[6]
    vulnerabilities that could be exploited to result in a DoS
    condition

password auditor

Vendors using the OpENer stack are recommended to update to the
latest version[7]
while also taking protective measures to minimize network exposure
for all control system devices to the internet, erect firewall
barriers, and isolate them from the business network.

This is far from the first time security issues have been
unearthed in EtherNet/IP stacks. Last November, Claroty researchers
revealed[8]
a critical vulnerability uncovered in Real-Time Automation’s (RTA)
499ES EtherNet/IP stack could open up the industrial control
systems to remote attacks by adversaries.

References

  1. ^
    advisory
    (us-cert.cisa.gov)
  2. ^
    EtherNet/IP
    (en.wikipedia.org)
  3. ^
    CVE-2020-13556
    (talosintelligence.com)
  4. ^
    said
    (claroty.com)
  5. ^
    CIP
    (en.wikipedia.org)
  6. ^
    reachable assertion
    (cwe.mitre.org)
  7. ^
    latest
    version     (github.com)
  8. ^
    revealed
    (thehackernews.com)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.