VDE-2021-042 | CERT@VDE

2021-10-18 10:24 (CEST) VDE-2021-042

Weidmueller: Remote I/O fieldbus couplers (IP20) affected by INFRA:HALT vulnerabilities

Share: Email | Twitter

ID

VDE-2021-042

Published

2021-10-18 10:24 (CEST)

Last update

2021-10-18 10:24 (CEST)

Vendor(s)

Weidmueller Interface GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
1334890000	UR20-FBC-CAN	<= 01.08.00
2625010000	UR20-FBC-CC	<= 01.00.02
2680260000	UR20-FBC-CC-TSN	<= 01.02.01
1334900000	UR20-FBC-DN	<= 01.08.00
1334910000	UR20-FBC-EC	<= 01.12.00
2659690000	UR20-FBC-EC-ECO	<= 01.00.01
1334920000	UR20-FBC-EIP	<= 02.11.00
2661310000	UR20-FBC-IEC61162-450	<= 01.01.00
2659700000	UR20-FBC-MOD-TCP-ECO	<= 01.00.00
2476450000	UR20-FBC-MOD-TCP-V2	<= 02.08.01
2614380000	UR20-FBC-PB-DP-V2	<= 01.10.00
1334940000	UR20-FBC-PL	<= 01.08.00
2659680000	UR20-FBC-PN-ECO	<= 01.00.02
2566380000	UR20-FBC-PN-IRT-V2	<= 01.11.00

Summary

The Weidmueller Remote I/O (IP20) fieldbus couplers (u-remote) are affected by several vulnerabilities of the third-party TCP/IP Niche stack. An attacker may use crafted IP packets to cause a denial of service or breach of integrity of the affected products. Weidmueller recommends restricting network access from the internet and also locally to reduce the attack vector to a manageable minimum.

Vulnerabilities

CVE-2021-31401

7.5

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness

Improper Input Validation (CWE-20)

Summary

An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length ...

Source

nvd.nist.gov

CVE-2020-35684

7.5

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness

Improper Input Validation (CWE-20)

Summary

An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to ...

Source

nvd.nist.gov

CVE-2020-35683

7.5

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness

Improper Input Validation (CWE-20)

Summary

An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to ...

Source

nvd.nist.gov

Solution

Fieldbuses (including Industrial Ethernet protocols) in general are not intended for direct connection with the internet, as they lack a proper set of security capabilities. This also applies to Weidmüller IP20 Remote I/O fieldbus couplers, which are developed and designed for operation in closed industrial networks.

Remediation

Do not directly connect the affected products to the internet.
Restrict network access to the affected products by proper secured network infrastructure (e.g. routers, firewalls, DMZ, VPNs).
Restrict physical access to the industrial network and affected products (e.g cabinets, seals, closures).

Reported by

These vulnerabilities were discovered and reported by Forescout Technologies, Inc.
Weidmüller thanks CERT@VDE for the coordination and support with this publication.