According to a new CISA security advisory, several vulnerabilities exist in the OpENer EtherNet/IP stack that could lead to denial-of-service attacks, remote code execution, and data leaks against industrial systems. Versions of OpENer released before February 10, 2021 are affected. Fortunately, there are no indications of active exploits against these vulnerabilities.
OpENer EtherNet/IP Vulnerabilities: Technical Details
The four vulnerabilities are CVE-2021-27478, CVE-2021-27482, CVE-2021-27500, and CVE-2021-27498.
CVE-2021-27478 is described as an incorrect conversion between numeric types. The vulnerability can be exploited if a specially crafted packet is sent by an attacker to the vulnerable device. This would create a denial-of-service condition.
CVE-2021-27482 is an out-of-bounds issue that could be triggered by a malicious packet, allowing the attacker to read arbitrary data.
CVE-2021-27500 and CVE-2021-27498 are issues related to a reachable assertion, according to the advisory. The vulnerabilities can be triggered by a malicious packet and can be exploited in denial-of-service attack scenarios.
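As an added illustration of the "incorrect conversion between numeric types" class named above (constructed C, not OpENer's code and not the specific defect behind CVE-2021-27478): a hypothetical CPF-style item parser that moves a 16-bit length field into a signed type, beside a hardened version that keeps the arithmetic unsigned. The item layout and both functions are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed CPF-style item: 2-byte type, 2-byte little-endian length, payload.
 * Hypothetical layout for illustration only; this is not OpENer's parser. */
#define ITEM_HDR_LEN 4

static uint16_t rd_le16(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Vulnerable: the 16-bit length is moved into a signed 16-bit variable (CWE-681).
 * Any length >= 0x8000 turns negative, passes the "too long" check, and then
 * becomes a huge size_t when used as a copy length: a crash or over-read. */
bool item_copy_len_vulnerable(const uint8_t *pkt, size_t pkt_len, size_t *copy_len) {
    if (pkt_len < ITEM_HDR_LEN) return false;
    int16_t len   = (int16_t)rd_le16(pkt + 2);         /* incorrect conversion */
    int16_t avail = (int16_t)(pkt_len - ITEM_HDR_LEN);
    if (len > avail) return false;                      /* -16 > 4 is false */
    *copy_len = (size_t)len;                            /* -16 -> SIZE_MAX - 15 */
    return true;
}

/* Hardened: unsigned widths end to end, bounds checked against bytes present. */
bool item_copy_len_hardened(const uint8_t *pkt, size_t pkt_len, size_t *copy_len) {
    if (pkt_len < ITEM_HDR_LEN) return false;
    size_t len = rd_le16(pkt + 2);
    if (len > pkt_len - ITEM_HDR_LEN) return false;
    *copy_len = len;
    return true;
}

/* Constructed packets: a well-formed item and one whose length field is 0xFFF0. */
static const uint8_t kGoodItem[8] = {0x00, 0x00, 0x04, 0x00, 1, 2, 3, 4};
static const uint8_t kBadItem[8]  = {0x00, 0x00, 0xF0, 0xFF, 1, 2, 3, 4};

int main(void) {
    size_t n = 0;
    printf("vulnerable accepts bad item: %d, copy length %zu\n",
           item_copy_len_vulnerable(kBadItem, sizeof kBadItem, &n), n);
    printf("hardened accepts bad item: %d\n",
           item_copy_len_hardened(kBadItem, sizeof kBadItem, &n));
    return 0;
}
```

The same signed/unsigned mismatch around a length field is what a code review or a sanitizer-backed fuzzing run should flag before it reaches a device.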
All four flaws were discovered and reported by security researchers Tal Keren and Sharon Brizinov from Claroty.
It is noteworthy that there is a fifth flaw the researchers discovered, which had previously been reported by Cisco Talos. The vulnerability in question is CVE-2020-13556.
CVE-2020-13556 is an out-of-bounds write issue in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. “A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability,” Cisco Talos said.
What Is OpENer EtherNet/IP?
According to GitHub, OpENer EtherNet/IP is an EtherNet/IP stack for I/O adapter devices. The project supports multiple input-output and explicit connections, and includes objects and services for making EtherNet/IP-compliant products as defined in the ODVA specification. ODVA technologies include the Common Industrial Protocol also known as “CIP,” ODVA’s media-independent, object-oriented protocol, and ODVA’s network adaptations of CIP – EtherNet/IP, DeviceNet, ControlNet and CompoNet.