Promass 83 devices utilizing 499ES EtherNet/IP (ENIP) Stack by Real Time Automation (RTA) are vulnerable to a stack-based buffer overflow.
Update A, 2021-10-07:
Multiple products of PILZ utilise a third-party TCP/IP implementation - the "Niche Ethernet Stack". This TCP/IP stack contains multiple vulnerabilities which are therefore affecting the products listed above.
Multiple vulnerabilities were reported in WIBU-SYSTEMS Codemeter. WIBU-SYSTEMS Codemeter is installed by default during e!COCKPIT and WAGO-I/O-Pro (CODESYS 2.3) installations. All currently existing e!COCKPIT installation bundles and WAGO-I/O-Pro (CODESYS 2.3) installation bundles with Version 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206 and 220.127.116.11 contain vulnerable versions of WIBU-SYSTEMS Codemeter.
The Web-Based Management (WBM) of WAGOs programmable logic controller (PLC) is typically used for administration, commissioning and updates.
With special crafted requests it is possible to read and write some special parameters without authentication.
This vulnerability is different to advisory SAV-2020-014 / VDE-2020-028.
WAGO controllers have always been designed for easy connection to IT infrastructure. Even controllers from legacy product lines support encryption standards to ensure secure communication.
With special crafted requests it is possible to bring the device out of operation.
All listed devices are vulnerable for this denial of service attack.
Critical vulnerabilities have been discovered in the utilized component TRECK TCP/IP Stack by Digi International Inc.
For more information see advisory by Digi International Inc.:
Digi International Security Notice - TRECK TCP/IP Stack "RIPPLE20" VU#257161 ICS-VU-035787 | Digi International
Critical vulnerabilities have been discovered in the product and in the utilized components jQuery by jQuery Team and TLS Version 1.0/1.1.
The impact of the vulnerabilities on the affected device may result in