Denial of Service in Rexroth ActiveMover using EtherNet/IP protocol

Published

2021-03-31 00:00:00 UTC

Summary

BOSCH-SA-282922: The ActiveMover with the EtherNet/IP communication module (Rexroth no. 3842 559 444) sold by Bosch Rexroth contains communication technology from Hilscher (EtherNet/IP Core V2) in which a high-severity vulnerability has been discovered. This denial of service and memory corruption vulnerability could allow arbitrary code to be injected through the network or make the EtherNet/IP device crash without recovery. The vulnerability only affects ActiveMover with firmware versions below 3.0.26.x using the EtherNet/IP communication module. If the product is used in closed (machine) networks with no access to the internet, the risk of the vulnerability is very low.