
Security Advisory

EtherNet/IP Fieldbus Coupler out-of-bounds write


Advisory
Document identifier: D1529834
Version: 1.0
Initially published: 2022-06-21
Last update: 2022-06-21
Reference: VDE-2021-004

Affected Products
The following Weidmueller Remote I/O Fieldbus Couplers EtherNet/IP with the indicated firmware are affected:

Product number   Product name   Firmware version
1334920000       UR20-FBC-EIP   01.00.00-01.08.00

The indicated firmware versions are only used on products of hardware version 01.xx.xx.
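
The following asset-inventory triage is an added example, not part of Weidmueller's advisory; it applies the table above to a constructed inventory and sends rows that contradict the hardware-version statement to manual review. Assumptions: the firmware range is read as inclusive, and the CSV layout, asset names and the 9999999999 product number are hypothetical.

```python
import csv
import io

# Values taken from the advisory's "Affected Products" table.
AFFECTED_PRODUCT = "1334920000"           # UR20-FBC-EIP
FW_FIRST, FW_LAST = (1, 0, 0), (1, 8, 0)  # range read as inclusive (assumption)
AFFECTED_HW_MAJOR = 1                     # hardware version 01.xx.xx


def parse_version(text):
    """Parse 'NN.NN.NN' into a tuple of ints; return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(product, firmware, hardware):
    """Return 'affected', 'not-listed' or 'review' for one inventory row."""
    if product.strip() != AFFECTED_PRODUCT:
        return "not-listed"
    fw, hw = parse_version(firmware), parse_version(hardware)
    if fw is None or hw is None:
        return "review"            # unreadable version: check the device by hand
    if not FW_FIRST <= fw <= FW_LAST:
        return "not-listed"        # outside the range the advisory lists
    # Listed firmware on other hardware contradicts the advisory: suspect data.
    return "affected" if hw[0] == AFFECTED_HW_MAJOR else "review"


def triage(inventory_csv):
    """Map each asset name to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["asset"]: classify(r["product"], r["firmware"], r["hardware"])
            for r in rows}


# Constructed sample inventory (asset names and column layout are hypothetical).
SAMPLE = """asset,product,firmware,hardware
line1-coupler,1334920000,01.05.00,01.02.00
line2-coupler,1334920000,01.08.00,01.00.01
line3-coupler,1334920000,01.09.00,01.02.00
line4-coupler,1334920000,1.5,01.02.00
line5-coupler,1334920000,01.03.00,02.00.00
plc-gateway,9999999999,01.05.00,01.00.00
"""
if __name__ == "__main__":
    for asset, verdict in triage(SAMPLE).items():
        print(f"{asset}: {verdict}")
```
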
Summary
A critical vulnerability has been discovered in the utilized component EtherNet/IP Adapter Development Kit
(EADK) by Pyramid Solutions, Inc. For details, refer to the CVE(s) section.
This vulnerability may allow an attacker to send a specially crafted packet that may result in a denial-of-service
condition of the affected products.
CVE(s)
CVE ID        CVE-2022-1737
Severity      9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vuln. type    Out-of-bounds Write (CWE-787)
Description   The affected products are vulnerable to an out-of-bounds write, which may allow an
              unauthorized attacker to send a specially crafted packet that may result in a
              denial-of-service condition.

Impact
Attackers with network access to the EtherNet/IP network may send a specially crafted packet that may result in
a denial-of-service condition of the affected products, causing them to crash. Crashed products will
reboot within a few seconds.
Solution
Mitigation:
Weidmueller strongly recommends applying the following external protective measures:

- Restrict network access to the EtherNet/IP network containing affected products.
- If remote access is required, use secure methods such as virtual private networks (VPNs).
Reported by
The vulnerability was discovered internally.

Weidmüller Interface GmbH & Co. KG


Klingenbergstraße 26
32758 Detmold, Germany
T +49 5231 14-0
F +49 5231 14292083
www.weidmueller.com
Weidmueller thanks CERT@VDE for the coordination and support with this publication.
Support
For support please contact Weidmueller at www.weidmueller.com/service.
