Affected Products
The following Weidmueller Remote I/O Fieldbus Couplers EtherNet/IP with the indicated firmware are affected:
The indicated firmware versions are only used on products of hardware version 01.xx.xx.
Summary
A critical vulnerability has been discovered in the EtherNet/IP Adapter Development Kit (EADK) by
Pyramid Solutions, Inc., a component used in the affected products. For details, refer to the CVE(s) section.
This vulnerability may allow an attacker to send a specially crafted packet that may result in a denial-of-service
condition of the affected products.
CVE(s)
CVE ID: CVE-2022-1737
Severity: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vuln. type: Out-of-bounds Write (CWE-787)
Description: The affected products are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition.
Impact
Attackers with network access to the EtherNet/IP network may send a specially crafted packet that may result in
a denial-of-service condition in which the affected products crash. Crashed products will reboot within a few
seconds.
Solution
Mitigation:
Weidmueller strongly recommends applying the following external protective measures:
Weidmueller thanks CERT@VDE for the coordination and support with this publication.
Support
For support please contact Weidmueller at www.weidmueller.com/service.