Critical vulnerability has been discovered in the utilized component 499ES EtherNet/IP Stack by Real Time Automation (RTA).
499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.
Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit the vulnerability sending specially crafted packages that may result in a denial-of-service condition or code execution.
An external protective measure is required.
Sharon Brizinov of Claroty reported this vulnerability to CISA.
Coordinated by CERT@VDE