The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution.

All OpENer commits and versions prior to February 10, 2021 are affected, although there are no known public exploits that specifically target these vulnerabilities.

Four of the security flaws were discovered and reported to CISA by researchers Tal Keren and Sharon Brizinov of operational technology security company Claroty. A fifth security issue, also identified by Claroty, was first disclosed by Cisco Talos (CVE-2020-13556) on December 2, 2020.

“An attacker would only need to send crafted ENIP/CIP packets to the device in order to exploit these vulnerabilities,” the researchers said.

CVE-2020-13556 concerns an out-of-bounds write vulnerability in the EtherNet/IP server that could allow an attacker to send a sequence of specially crafted network requests to trigger remote code execution. It is rated critical, with a CVSS score of 9.8 out of 10.

The four other flaws were disclosed to EIPStackGroup, the maintainers of the OpENer stack, in October 2020:

CVE-2021-27478 (CVSS score: 8.2) – A bug in the way Common Industrial Protocol (CIP) requests are handled, leading to a DoS condition.
CVE-2021-27482 (CVSS score: 7.5) – An out-of-bounds read flaw that leverages specially crafted packets to read arbitrary data from memory.
CVE-2021-27500 and CVE-2021-27498 (CVSS score: 7.5) – Two reachable assertion vulnerabilities that can be exploited to cause a DoS condition.

Vendors using the OpENer stack are recommended to update to the latest version and to take defensive measures: minimize network exposure for all control system devices, ensure they are not reachable from the Internet, place them behind firewalls, and isolate them from the business network.

This is not the first time security issues have been found in an EtherNet/IP stack. Last November, Claroty researchers disclosed a critical vulnerability in the Real-Time Automation (RTA) 499ES EtherNet/IP stack that could open industrial control systems to remote attacks by adversaries.