
ID

VDE-2021-040

Published

2021-10-04 14:30 (CEST)

Last update

2021-10-07 17:43 (CEST)

Vendor(s)

ENDRESS+HAUSER

Product(s)

Name Order Code (root or material nr.) Affected versions
83*** Promass 83 1.00.00

Summary

Promass 83 devices utilizing the 499ES EtherNet/IP (ENIP) Stack by Real Time Automation (RTA) are vulnerable to a stack-based buffer overflow.

Update A, 2021-10-07:

  • added credits
  • changed title from "ENDRESS+HAUSER: Promass 83 with Ether/IP affected by DoS vulnerability" to "ENDRESS+HAUSER: Promass 83 with Ether/IP affected by a stack-based buffer overflow"

 


Weakness

Stack-based Buffer Overflow (CWE-121)

Summary

The 499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow: a specially crafted packet sent by an attacker may result in a denial-of-service condition or code execution.


Impact

The vulnerability described can lead to a denial of service or even remote code execution.

Solution

Mitigation

If an immediate firmware update is not possible, the only way to prevent an attack is to disable communication via EtherNet/IP.

Remediation

Endress+Hauser provides updated firmware versions (Firmware versions >1.00.00) for the related product from the Proline portfolio that fix the vulnerability. Endress+Hauser strongly recommends that customers update to the new fixed version. For support, please contact your local service center.

Reported by

Sharon Brizinov of Claroty reported this vulnerability to CISA.
CERT@VDE coordinated with ENDRESS+HAUSER.