ID

VDE-2021-004

Published

2022-06-21 10:00 (CEST)

Last update

2022-06-21 11:46 (CEST)

Vendor(s)

Weidmueller Interface GmbH & Co. KG

Product(s)

Article No° | Product Name | Affected Version(s)
1334920000 | UR20-FBC-EIP | 01.00.00 <= 01.08.00

Summary

A critical vulnerability has been discovered in the utilized component EtherNet/IP Adapter Development Kit (EADK) by Pyramid Solutions, Inc. For details, refer to the CVE(s).
This vulnerability may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition of the affected products.

The indicated firmware versions are only used on products of hardware version 01.xx.xx.
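
To check an asset list against the scope stated above, the following added example (not part of the advisory and not Weidmueller tooling) classifies inventory rows by article number, hardware version and firmware version. The CSV column names and sample rows are constructed, and reading "01.00.00 <= 01.08.00" as an inclusive range is an assumption.

```python
import csv
import io

# Values taken from the advisory's product table.
AFFECTED_ARTICLE = "1334920000"        # UR20-FBC-EIP
FW_MIN, FW_MAX = (1, 0, 0), (1, 8, 0)  # assumed inclusive range
HW_MAJOR = 1                           # firmware only used on hardware 01.xx.xx

# Constructed sample inventory; column names and rows are hypothetical.
SAMPLE_INVENTORY = """\
asset,article_no,hw_version,fw_version
coupler-a,1334920000,01.02.00,01.08.00
coupler-b,1334920000,01.00.01,01.09.00
coupler-c,1334920000,02.00.00,01.05.00
coupler-d,1334920000,01.01.00,unknown
other-dev,0000000000,01.00.00,01.03.00
"""


def parse_version(text):
    """Parse 'AA.BB.CC' into a tuple of ints, or return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(row):
    """Return 'affected', 'not listed' or 'unknown' for one inventory row."""
    if row["article_no"].strip() != AFFECTED_ARTICLE:
        return "not listed"
    hw, fw = parse_version(row["hw_version"]), parse_version(row["fw_version"])
    if hw is None or fw is None:
        return "unknown"  # cannot be ruled out: verify on the device
    if not (FW_MIN <= fw <= FW_MAX):
        return "not listed"
    # Firmware in range on other hardware contradicts the advisory's note.
    return "affected" if hw[0] == HW_MAJOR else "unknown"


def triage(csv_text):
    """Map each asset name to its classification."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["asset"]: classify(row) for row in reader}


if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```

Rows classified as "unknown" have a missing or inconsistent version record and should be checked on the device itself.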


Weakness

Out-of-bounds Write (CWE-787)

Summary

The affected products are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition.

Reported by

Weidmüller Interface GmbH & Co KG


Impact

Attackers with network access to the EtherNet/IP network may send a specially crafted packet that may result in a denial-of-service condition, causing the affected products to crash. Crashed products will reboot within a few seconds.

Solution

Mitigation

Weidmueller strongly recommends applying the following external protective measures:

  • Restrict network access to the EtherNet/IP network containing affected products.
  • If remote access is required, use secure methods such as virtual private networks (VPNs).

Reported by

The vulnerability was discovered by Weidmueller.
CERT@VDE coordinated with Weidmueller and CISA.